From: James Morris <jmorris@intercode.com.au>
Subject: Re: Future: RSBAC and LSM
Date: Thu, 30 Aug 2001 18:32:51 +1000 (EST)
Next Article (by Subject): Future: RSBAC and Unix sockets Stanislav Ievlev
Previous Article (by Subject): Re: Future: RSBAC and LSM James Morris
Top of Thread: Future: RSBAC and LSM Stanislav Ievlev
Articles sorted by: [Date]
[Author]
[Subject]
On Thu, 30 Aug 2001, Amon Ott wrote: > On Don, 30 Aug 2001 Stanislav Ievlev wrote: > > Hello All! > > I've just seen pre-patches for LSM. As I understand, RSBAC 1.1.2 will be > > ported to LSM. > > > > One question: > > RSBAC sometimes uses two ADF calls in syscalls: one for decision and one > > for notification (e.g. in sys_unlink) > > But LSM already use only one LSM call. > > How to solve it? > > It will only work, if after the single call the syscall will always succeed. > It is possible to multiplex different types of system calls over a single system call, and this is how the existing network socket syscalls are implemented (see socketcall(2)). My understanding is that the LSM syscall is intended to be used like this for any number of security-specific system calls as required. - James -- James Morris <jmorris@intercode.com.au> - To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
Next Article (by Subject): Future: RSBAC and Unix sockets Stanislav Ievlev
Previous Article (by Subject): Re: Future: RSBAC and LSM James Morris
Top of Thread: Future: RSBAC and LSM Stanislav Ievlev
Articles sorted by: [Date]
[Author]
[Subject]