On Tue, October 30, 2007 07:14, Cliffe wrote:
> And while I acknowledge that many of these layers are currently buried
> within the kernel (netfilter...) they are security layers which in many
> cases would probably make sense as stackable security modules.
>
> Making the interface static forces mammoth solutions which then must
> attempt to solve all of the above in one ls*m*. What happened to
> dividing tasks into easy to manage chunks?

Would it be possible to have Kconfig select which LSM should handle each area of security? Selecting LSM A would automatically disable LSM B and C since they both implement the same security functions, while LSM D would still be selectable since it implements something else. The default capabilities code would then turn off parts of itself that another LSM is handling.

Alternatively the M in LSM can be restored and modules can be stacked. It should be possible for the primary LSM to check the security_ops of the secondary LSM(s) and complain if it considers there to be an incompatibility.

-- 
Simon Arlott
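An added example, not part of the original message and not kernel code: a user-space C model of the compatibility check suggested above, where a module is refused if it implements a hook that an already-registered module handles. The hook names, `struct sec_ops`, and the modules `lsm_a`, `lsm_b` and `lsm_d` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified hook table; not the kernel's security_operations. */
enum hook_id { HOOK_CAPABLE, HOOK_INODE_PERMISSION, HOOK_SOCKET_CONNECT, HOOK_COUNT };
typedef int (*hook_fn)(void);

struct sec_ops {
    const char *name;
    hook_fn hooks[HOOK_COUNT];      /* NULL: module does not handle this area */
};

static int allow(void) { return 0; }

/* Constructed sample modules: A and B both cover inode permission checks. */
const struct sec_ops lsm_a = { "lsm_a", { [HOOK_CAPABLE] = allow, [HOOK_INODE_PERMISSION] = allow } };
const struct sec_ops lsm_b = { "lsm_b", { [HOOK_INODE_PERMISSION] = allow } };
const struct sec_ops lsm_d = { "lsm_d", { [HOOK_SOCKET_CONNECT] = allow } };

/* Bitmask of hooks that both modules implement (0 means compatible). */
unsigned ops_overlap(const struct sec_ops *a, const struct sec_ops *b) {
    unsigned mask = 0;
    for (int i = 0; i < HOOK_COUNT; i++)
        if (a->hooks[i] && b->hooks[i]) mask |= 1u << i;
    return mask;
}

#define MAX_STACK 4
struct sec_stack { const struct sec_ops *mods[MAX_STACK]; size_t n; };

/* Add a module unless it clashes with one already stacked; 0 on success. */
int stack_register(struct sec_stack *s, const struct sec_ops *m) {
    if (s->n == MAX_STACK) return -1;
    for (size_t i = 0; i < s->n; i++) {
        unsigned clash = ops_overlap(s->mods[i], m);
        if (clash) {
            fprintf(stderr, "%s conflicts with %s (hook mask 0x%x)\n",
                    m->name, s->mods[i]->name, clash);
            return -1;
        }
    }
    s->mods[s->n++] = m;
    return 0;
}

/* Try A, then B, then D; returns how many modules were accepted. */
size_t demo_select(void) {
    struct sec_stack s = { { NULL }, 0 };
    stack_register(&s, &lsm_a);
    stack_register(&s, &lsm_b);     /* refused: overlaps A */
    stack_register(&s, &lsm_d);
    return s.n;
}

int main(void) { printf("accepted %zu modules\n", demo_select()); return 0; }
```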