Re: Future: RSBAC and LSM


From: James Morris <jmorris@intercode.com.au>
Subject: Re: Future: RSBAC and LSM
Date: Thu, 30 Aug 2001 18:32:51 +1000 (EST)

Next Article (by Author): Re: /etc protection Jesse Pollard
Previous Article (by Author): Re: Future: RSBAC and LSM James Morris
Top of Thread: Future: RSBAC and LSM Stanislav Ievlev
Articles sorted by: [Date] [Author] [Subject]


On Thu, 30 Aug 2001, Amon Ott wrote:

> On Don, 30 Aug 2001 Stanislav Ievlev wrote:
> > Hello All!
> > I've just seen pre-patches for LSM. As I understand, RSBAC 1.1.2 will be
> > ported to LSM.
> >
> > One question:
> > RSBAC sometimes uses two ADF calls in syscalls: one for decision and one
> > for notification (e.g. in sys_unlink)
> > But LSM already use only one LSM call.
> > How to solve it?
>
> It will only work, if after the single call the syscall will always succeed.
>

It is possible to multiplex different types of system calls over a single
system call, and this is how the existing network socket syscalls are
implemented (see socketcall(2)).

My understanding is that the LSM syscall is intended to be used like this
for any number of security-specific system calls as required.


- James
-- 
James Morris
<jmorris@intercode.com.au>


-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Author): Re: /etc protection Jesse Pollard
Previous Article (by Author): Re: Future: RSBAC and LSM James Morris
Top of Thread: Future: RSBAC and LSM Stanislav Ievlev
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.