
Re: about the multiple security module in LSM: msg#00021

linux.kernel.lsm

Subject: Re: about the multiple security module in LSM

* Joshua Brindle (jbrindle@xxxxxxxxxx) wrote:
> Shouldn't there just be a file for each hook instead of this awkward syntax?
> echo "(selinux and capabilities) or backdoor" > /sys/security/stacker/inode_permission
>
> echo "selinux and capabilities" > /sys/security/stacker/default
>

What do you do if you leave out a module on a hook? Not consider its
result? AFAICT, this way lies madness...

> SELinux is flexible enough that starting a new MAC implementation from
> scratch should be really a last resort.

Writing your own MAC implementation should be the first thing you
consider when your desire is to write a MAC implementation. "Ext3 is a
flexible filesystem, don't write a new one..." SELinux should be your
last consideration when your goal is to innovate. Scratch your own itch
and all that...

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net


