[rsbac] Version 1.2.2 uploaded

Amon Ott ao at rsbac.org
Sat Jul 26 19:26:57 MEST 2003


On Friday, 25. July 2003 18:40, Michael Chang wrote:
> That was where I was going next.  I think hooking into LSM is a good idea;
> you're using them for what they were meant for, and it's a good way of
> keeping things more grounded in a formalized method of adding a security
> infrastructure.  If the LSM folks keep things straight, then it's a win-win
> situation for everyone (at least, in the long term).
> 
> |> where suitable, and only patch in
> |> my own hooks where necessary. If 2.6.0-test takes as long as 2.4.0-test, I
> |> will probably be ready before 2.6.0 comes out.
> 
> I would guess that it won't take as long as 2.4, simply because of the LSM
> base.  So, unless LSM is poorly documented, it should be smooth sailing.

The problem is that I have to write wrapper functions for quite a few hooks, 
so I guess it will take a while. Also, the data provided to the LSM stubs 
might not be sufficient in some cases.

However, I agree that the LSM hooks will make porting to new kernel versions 
a bit easier - if they stay the same or at least compatible. If not, a common 
RSBAC code base for all kernel versions will get even more complicated. 

Another problem with LSM IMHO is that the hooks are very low level and Linux 
specific, so we will always need another abstraction layer. In any case, LSM 
hooks are there the way they are, the disadvantages have been known for a 
long time and we now have to live with what we could get.

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

