* Chuck Ebbert (76306.1226@compuserve.com) wrote:
> Stephen Smalley wrote:
>
> > In practice, I would
> > expect that any "stacking" of multiple security modules that use
> > security fields and xattr will actually involve creation of a new module
> > that integrates the logic of the individual modules. This is preferable
> > anyway to ensure that the interactions among the security modules are
> > well understood, that the logic is combined in a sensible manner, and
> > that the individual logics can not subvert one another.
>
> On FreeBSD 5 you 'stack' the mac_biba and mac_mls modules to get both
> integrity and confidentiality, right? Or is that something different?
It's a difference in implementation. FreeBSD builds stacking directly into
the framework, whereas LSM makes stacking a policy decision for the module.
thanks,
-chris
-- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Apr 15 2003 - 22:00:36 EST