[rsbac] Load enforcement module before init

Amon Ott ao at rsbac.org
Fri Nov 30 14:07:56 CET 2007


On Friday 30 November 2007 13:44, Oliver Welter wrote:
> I am working on a Trusted Boot Chain security model and I wonder if
> it is possible to use RSBAC file access control / decission
> facilities with a custom module already before init is started?

All you have to do is compile it statically into the kernel and 
register with RSBAC in time. RSBAC is active before init is started, 
but after root dev mount. So best would be to init your module in 
init/do_mounts.c right after rsbac_init().

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22


More information about the rsbac mailing list