[rsbac] Re: How does RSBAC relate to the Linux Security Module framework (LSM)?

Christian Schuhegger Christian.Schuhegger at cern.ch
Fri Aug 8 14:46:38 MEST 2003

Amon Ott wrote:

> LSM provides a set of low-level hooks in kernel functions, which use pointers 
> to kernel internal structures as parameters.
> RSBAC currently implements a separate set of hooks, which use a kernel 
> version independent abstraction of the type of access and the target to be 
> accessed.
> ...
> Amon.

thanks a lot for that insight!

could you perhaps also give me your personal view on how things will 
develop in the future, e.g. probably several of the security enhancement 
projects for linux will merge or at least use a common infrastructure 
and try to find some common standards so that these enhancements can go 
into the mainstream linux distributions like debian, redhat, suse, ... 
and perhaps even the linux standard base project could integrate such a 
common infrastructure?

i am also a bit surprised that a project like SELinux, which seems to 
have a similar objective as RSBAC, started after RSBAC was already a 
stable system running on different platforms? only from what i've read 
so far SELinux seems not to add any significant advantages over RSBAC, 
or does it in some areas?

at the moment i am just a bit irritated by the numberous projects having 
similar or overlapping objectives. is there perhaps somewhere a good 
overview that sets all the relevant projects into relation, e.g. how 
they could be combined or how they complement each other (perhaps even 
with a bit of historic insight)?

thanks a lot,
Christian Schuhegger

More information about the rsbac mailing list