[rsbac] Re: Thoughts on the "No Linux Security Modules framework" old claims

Stephen Smalley sds at epoch.ncsc.mil
Wed Feb 16 14:30:13 CET 2005

On Wed, 2005-02-16 at 08:29, Lorenzo Hernández García-Hierro wrote:
> Yes, there are many cases that apply to such scenario and context, this
> may be worth to work on, but think it's main shortcoming is that it cuts
> performance and adds further overlapping to the DAC checks, that should
> be the first ones being called (as most times they do) and then apply
> the LSM basis, so, post-processing will be only required if the DAC
> checks get in override or passed, without adding too-much overhead to
> the current behavior.
> So, I just agree partially, but yes, maybe modifying the DAC checks
> themselves and add what-ever-else helper function to handle by-default
> auditing in certain operations could be interesting.

Audit is being handled by a separate audit framework, not by LSM.  There
is already support in the Linux 2.6 kernel for auditing at syscall exit
(thereby guaranteeing that you capture the final return value in all
cases), with the ability of an LSM to enable such auditing for a
particular event from its hook functions.  Further, there is ongoing
work (see the linux-audit mailing list) for a set of audit-related hooks
that will allow auditing based on object identity and the requested mode
separate from any particular LSM.

Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency

More information about the rsbac mailing list