
LSM stacking (again)


Posted Jun 24, 2010 17:41 UTC (Thu) by Cyberax (✭ supporter ✭, #52523)
In reply to: LSM stacking (again) by bronson
Parent article: LSM stacking (again)

"So and AppArmor and SELinux and Smack and Tomoyo would need to be written with all possible permutations in mind?"

Why would AppArmor need to know anything about SELinux?

A special stacking-driver should think like: "Oh, we have a file request. Let's see: - we need to pass it to AppArmor first. Done, result is OK. Then we need to pass it to Yama, result is OK. So we can perform the action".

At no point does AppArmor need to know that after it returns 'OK' further checks will be carried out.

"That sounds absolutely hellish to analyze and test. Remember, we're talking about security here -- failure is far worse than a kernel panic."

Those who need NSA certification can go and make love with SELinux.
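
The dispatch the comment above describes, as an added user-space sketch that is not part of the original comment and is not kernel code: each module is asked in order and the first denial is final. The types, the function names and both toy policies are hypothetical and stand in for the real modules' logic.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical request and hook types for this sketch; not the kernel's LSM API. */
struct file_req { const char *path; int write; };
typedef int (*file_hook)(const struct file_req *);
struct module { const char *name; file_hook check; int calls; };

/* Constructed toy policies standing in for two independent modules. */
static int toy_apparmor(const struct file_req *r)
{
    return (r->write && strncmp(r->path, "/etc/", 5) == 0) ? -EACCES : 0;
}
static int toy_yama(const struct file_req *r)
{
    return strncmp(r->path, "/proc/1/", 8) == 0 ? -EPERM : 0;
}

static struct module stack[] = {
    { "apparmor", toy_apparmor, 0 },
    { "yama",     toy_yama,     0 },
};
#define NMOD (sizeof(stack) / sizeof(stack[0]))

/* Stacking driver: neither policy references the other; only this loop knows the order. */
int stacked_file_permission(const struct file_req *r, const char **denied_by)
{
    *denied_by = NULL;
    for (size_t i = 0; i < NMOD; i++) {
        stack[i].calls++;               /* count how often each module is consulted */
        int rc = stack[i].check(r);
        if (rc != 0) {                  /* first denial wins; later modules never see it */
            *denied_by = stack[i].name;
            return rc;
        }
    }
    return 0;                           /* every module said OK */
}
int calls_to(size_t i) { return stack[i].calls; }

int main(void)
{
    const char *who;
    struct file_req r = { "/etc/passwd", 1 };   /* constructed sample request */
    int rc = stacked_file_permission(&r, &who);
    printf("rc=%d denied_by=%s\n", rc, who ? who : "(none)");
    return 0;
}
```

Because the loop stops at the first denial, a module later in the order is not consulted for requests an earlier module refuses, which matters for any module that keeps state or audit records per request.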



