Re: Linux Security *Module* Framework (Was: LSM conversion to staticinterface)

[david]

On Wed, 31 Oct 2007, Peter Dolding wrote:

> MultiAdmin loaded before Selinux breaks Selinux since Multi Admin rules are 
> applied over using Selinux rules.  This is just the way it is stacking LSM's 
> is Just not healthy you always risk on LSM breaking another.  Part of the 
> reason why I have suggested a complete redesign of LSM.  To get away from 
> this problem of stacking.

since the method of stacking hasn't been determined yet, you can't say 
this.

it would be possible for MultiAdmin to grant additional access, that 
SELinux then denies for it's own reasons.

if the SELinux policy is written so that it ignores capabilities, and 
instead just looks at uid0 then that policy is broken in a stacked 
environment, but it's the polciy that's broken, not the stacking.

yes, there will be interactions that don't make sense, but just becouse 
something can be used wrong doesn't mean that there aren't other cases 
where it can be used properly.

David Lang
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/