Re: A basic question about the security_* hooks
From: Valdis . Kletnieks
Date: Mon Dec 28 2009 - 14:28:07 EST
On Mon, 28 Dec 2009 20:51:49 +0900, Tetsuo Handa said:
(Hit send too soon)
> Both SELinux and TOMOYO have ability to cover all processes (from /sbin/init
> till /sbin/poweroff) or targeted processes (e.g. only daemons). But SELinux is
> not widely used for protecting all processes. TOMOYO can provide some
> protection for processes which SELinux doesn't protect.
OK, this was what I was talking about - what processes does TOMOYO protect
that SELinux doesn't? Or are you suggesting "use TOMOYO when using the SELinux
'targeted' policy that only tracks some processes"? It would seem that a better
solution there would be to just go ahead and use the 'strict' or 'mls' policies
if you want coverage of all processes - having some processes under SELinux
and some under TOMOYO rules is just asking for confusion...
> Also, people know we sometimes need to restrict string parameters for avoiding
> unwanted consequence. TOMOYO can pay attention to string parameters whereas
> SELinux can't.
Which string parameters are these? Perhaps a better approach than trying to
layer all of TOMOYO on SELinux is to create a small targeted "look at string
parameters" LSM and run *that* on top. Would require LSM stacking, but so would
doing all of TOMOYO.
Attachment:
pgp00000.pgp
Description: PGP signature