Hi! > This is a new Integrity Based Access Control(IBAC) LSM module which > bases access control decisions on the new integrity framework services. > IBAC is a sample LSM module to help clarify the interaction between > LSM and Linux Integrity Modules(LIM). > > - Updated Kconfig SECURITY_IBAC description > and SECURITY_IBAC_BOOTPARAM default value > - Prefixed all log messages with "ibac:" > - Redefined a couple of 'int' variables as 'static int' > > signed-off-by: Mimi Zohar <[EMAIL PROTECTED]> > --- > Index: linux-2.6.21-rc4-mm1/security/ibac/Kconfig > =================================================================== > --- /dev/null > +++ linux-2.6.21-rc4-mm1/security/ibac/Kconfig > @@ -0,0 +1,41 @@ > +config SECURITY_IBAC > + boolean "IBAC support" > + depends on SECURITY && SECURITY_NETWORK && INTEGRITY > + help > + Integrity Based Access Control(IBAC) uses the Linux > + Integrity Module(LIM) API calls to verify an executable's > + metadata and data's integrity. Based on the results, > + execution permission is permitted/denied. Integrity > + providers may implement the LIM hooks differently. For > + more information on integrity verification refer to the > + specific integrity provider documentation.
...sounds like pseudosecurity piece of **** whose only purpose is to prevent computer's owner to hack his own system? Why do we want it? Pavel > + * Integrity Based Access Control(IBAC) sample LSM module calling LIM hooks sample? > +static inline int is_kernel_thread(struct task_struct *tsk) > +{ > + return (!tsk->mm) ? 1 : 0; > +} Obfuscated C code contest? Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/