Re: about the multiple security module in LSM

> The original stacker module by David Wheeler provided far greater flexibility
> for stacking options.  I took those out because there seemed no need.  Adding
> this back should be relatively simple.  We could add a sysfs file to specify
> how the next module should be related to the currently stacked modules, for
> instance.

The different modules may have different relationship on every hooks.
Stacker can not do these.  

> 
> That could get ugly, though :)
> 
> "
> modprobe stacker
> modprobe bsdjail
> echo "and" > /sys/security/stacker/nextmod
> modprobe dte
> echo "or" > /sys/security/stacker/nextmod
> modprobe digsig_verif
> "

Good idea. But it is too coarse.

> 
> And how do we do "(a and b) or c" ?  :)

I think this is the problem should be resolved. And this relationship may be 
optimiszed to implement.

> 
> Could you give some examples about particular modules with which you would
> like more flexible stacking?

The examples come from our pratical work. If the different modules, such as DAC,
MAC, RBAC, are in the same system, the relationship should be explicit on every
hook. 

BTW:  Can someone tell me how to parse a configure file? The example source 
codes are welcome. This file can be read by kernel module.
The configure file may be:
#this is comment
hostname = xxx.xxx.xxx.xxx
#this is netmask
mask = xxx.xxx.xxx.xxx

                                                    Yuan
     _ __          
 |\/      \/ ______     Yuan Chunyang    (Ph.D candidate)             
 \|    . . || |\\\\\    Open System & Chinese Information Processing Center  
  (   ( oo))| | ------  Institute of Software , Chinese Academy of Sciences
   /  \    \| |   ||||  P.O.Box 8718     Beijing 100080           P.R.China
  (___\^^^^^|_|___||||  Email:   chunyang03@xxxxxx