[rsbac] Thoughts on the "No Linux Security Modules framework" old claims

Michal Purzynski albeiro at polsl.gliwice.pl
Thu Feb 24 13:17:28 CET 2005


On 24 Feb 2005, at 9:28, Amon Ott wrote:

> As long as the capabilities module does not support stacking, anybody
> needing capabilities and e.g. on-access scanning with Dazuko will
> have to unload this module, load another module, and reload it. This
> creates a nasty race condition. BTW, what happens if capabilities
> have been compiled static, not as a module?

In fact, using capabilities as an LKM is rather dangerous. Some parts
of the kernel should just _never ever_ be made modular. And there was a bug
recently, showing up when capabilities was built as an LKM. It was pretty
much agreed that it should not be done so.

> no doubt we will see trojans using LSM disabling stacking along with 
> other decision modules with this design
