Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- From: Christoph Hellwig <hch@xxxxxxxxxxxxx>
- Date: Mon, 17 Apr 2006 17:23:45 +0100
On Mon, Apr 17, 2006 at 12:06:53PM -0400, Stephen Smalley wrote:
I thought of this, see label_all_processes. Unfortunately I found no way of
actually doing this. I would need to iterate through the tasklist structure,
but the task_lock export is going to be removed from the kernel.
So, if built-in isn't an option, propose an interface to the core
security framework to allow security modules to perform such
initialization without needing to directly touch the lock themselves
NACK. The whole idea of loading security modules after bootup is flawed.
Any scheme that tries to enumerate process and other entinity after the
fact for access control purposes is fundamentally flawed. We're not going
to add helpers or exports for it, I'd rather remove the ability to build
lsm hook clients modular completely.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
- Follow-Ups:
- Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- From: Stephen Smalley
- Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- References:
- [RFC][PATCH 2/7] implementation of LSM hooks
- From: Török Edwin
- Re: [RFC][PATCH 2/7] implementation of LSM hooks
- From: Stephen Smalley
- Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- From: Török Edwin
- Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- From: Stephen Smalley
- [RFC][PATCH 2/7] implementation of LSM hooks
- Prev by Date: Re: want to randomly drop packets based on percent
- Next by Date: [PATCH] Remove unnecessary kmalloc/kfree calls in mtdchar
- Previous by thread: Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- Next by thread: Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
- Index(es):
Relevant Pages
|
