Re: A basic question about the security_* hooks

From: Samir Bellabes
Date: Thu Dec 24 2009 - 13:58:15 EST

Next message: Henrique de Moraes Holschuh: "Re: [Patch] thinkpad_acpi: fix a build error"
Previous message: Justin P. Mattock: "Re: strange stuff in dmesg"
In reply to: Evgeniy Polyakov: "Re: A basic question about the security_* hooks"
Next in thread: Eric W. Biederman: "Re: A basic question about the security_* hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Evgeniy Polyakov <zbr@xxxxxxxxxxx> writes:

> I believe you should convice selinux and friends to add support for your
> extension, otherwise no distribution will be able to turn it on, since
> no two security frameworks can be registered simultaneously.

I agree, as a LSM module, this purpose is a no sense, because it will
avoid using another security module.
On the other hand, adding this capacity directly to the syscalls seems
to be a little bit ugly (it reminds me security post_accept hook
strategy of returning or not a value).

But the way to go is to add this directly to existing security models,
if it make sens for them.

sam
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Henrique de Moraes Holschuh: "Re: [Patch] thinkpad_acpi: fix a build error"
Previous message: Justin P. Mattock: "Re: strange stuff in dmesg"
In reply to: Evgeniy Polyakov: "Re: A basic question about the security_* hooks"
Next in thread: Eric W. Biederman: "Re: A basic question about the security_* hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]