Cliffe wrote:
> This question is similar to my first.
>
> I have multiple files (in separate locations) containing policies for
> confining the same application. How can I read the contents of these
> files into my LSM?

In AppArmor, we use a user-level program we call a "parser" that reads the text files, parses them, turns them into a kernel-digestible data structure, and pushes them into the kernel through an API defined by the module. At various times it has been a system call, a sysctl, and now is a virtual file system. The preferred way to load data into the kernel seems to keep changing :)

See the AppArmor parser apparmor-parser-2.0.2-566.tar.gz <http://forge.novell.com/modules/xfcontent/private.php/apparmor/LKML_Submission-April_07/apparmor-parser-2.0.2-566.tar.gz> and kernel code apparmor-kernel-patches-2.0.2-564.tar.gz <http://forge.novell.com/modules/xfcontent/file.php/apparmor/LKML_Submission-April_07/apparmor-kernel-patches-2.0.2-564.tar.gz> for details.

Crispin

--
Crispin Cowan, Ph.D.               http://crispincowan.com/~crispin/
Director of Software Engineering   http://novell.com
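
The user-space side of the design described in the message above, as an added sketch that is not part of the original message and is not AppArmor's parser code. The blob layout, the function names and the load-file path passed to `load_blob` are hypothetical, and the contents of the separate policy files are passed in as in-memory strings.

```c
#include <fcntl.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical wire format (not AppArmor's): magic "LSM1", u16 rule count,
 * then per rule: u8 permission mask, u16 path length, path bytes (LE). */
enum { PERM_R = 1, PERM_W = 2, PERM_X = 4, HDR = 6 };
/* Append the rules of one policy text ("<path> <rwx>" per line, '#' for
 * comments) at off. Returns the new offset, 0 on bad input or overflow. */
static size_t encode_policy(const char *t, uint8_t *buf, size_t off, size_t cap, uint16_t *n) {
    while (*t) {
        const char *eol = strchr(t, '\n');
        size_t len = eol ? (size_t)(eol - t) : strlen(t);
        const char *sp = memchr(t, ' ', len);
        size_t plen = sp ? (size_t)(sp - t) : 0;
        uint8_t mask = 0;
        if (len && *t != '#') {
            for (const char *c = sp ? sp + 1 : t + len; c < t + len; c++) {
                if (*c == 'r') mask |= PERM_R;
                else if (*c == 'w') mask |= PERM_W;
                else if (*c == 'x') mask |= PERM_X;
                else return 0;                      /* unknown permission */
            }
            if (!plen || !mask || plen > 0xffff || *n == 0xffff || off + 3 + plen > cap) return 0;
            buf[off] = mask; buf[off + 1] = plen & 0xff; buf[off + 2] = plen >> 8;
            memcpy(buf + off + 3, t, plen);
            off += 3 + plen; ++*n;
        }
        t += len + (eol != NULL);
    }
    return off;
}
/* Merge several policy texts for one application into a single blob. */
size_t build_blob(const char *const *texts, size_t ntexts, uint8_t *buf, size_t cap) {
    uint16_t n = 0;
    size_t off = cap < HDR ? 0 : HDR;
    for (size_t i = 0; i < ntexts && off; i++)
        off = encode_policy(texts[i], buf, off, cap, &n);
    if (off) { memcpy(buf, "LSM1", 4); buf[4] = n & 0xff; buf[5] = n >> 8; }
    return off;
}
/* Push the whole blob through the module's load file in a single write(). */
int load_blob(const char *path, const uint8_t *buf, size_t len) {
    int fd = open(path, O_WRONLY);
    ssize_t w = fd < 0 ? -1 : write(fd, buf, len);
    if (fd >= 0) close(fd);
    return w == (ssize_t)len ? 0 : -1;
}
```

The module's write handler for the load file has to validate every length field against the size of the buffer it received, because the blob crosses the user/kernel boundary.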
