On Sun, 4 Jan 2004 07:53, martin f krafft <[EMAIL PROTECTED]> wrote:
> also sprach Russell Coker <[EMAIL PROTECTED]> [2003.12.19.0229 +0100]:
> > In terms of LSM protection against this, if you use SE Linux then
> > all aspects of file access and module loading are controlled by
> > the policy. I am going to write a policy that implements
> > something similar to BSD secure levels so that you can put
> > a server into a mode where all kmem and module load access is
> > disabled. That should be all you need.
>
> Is this current work in progress? Do you have an ETA?

No ETA at the moment. But it will be done.

> also sprach Henrique de Moraes Holschuh <[EMAIL PROTECTED]> [2003.12.19.1018 +0100]:
> > I think there is a LSM "BSD secure levels" module around (that has
> > nothing to do with SE Linux), which should be much easier an
> > install for those who want to play with BSD secure levels in
> > Linux.
>
> The question is: does it mix with SE Linux? I always wondered about
> LSM... they are stacking modules, right? So this would have to come
> before or after SELinux, at which point one can take control from
> the other, no?

LSM in its current form only supports denying access. So if you have two
modules stacked then either one can prevent an operation, but if one module
prevents it the other cannot allow it.

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
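
The deny-only stacking described in the reply above, as an added example that is not part of the original message or of any LSM code: a user-space C model that stacks a securelevel-style hook and a policy-style hook in both orders. The hook names, the operations and the policy are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Operations the thread talks about restricting (hypothetical names). */
enum op { OP_MODULE_LOAD, OP_KMEM_WRITE, OP_FILE_READ };

/* A hook returns 0 for "no objection" or a negative errno to deny. */
typedef int (*hook_fn)(enum op);

static int securelevel = 1;   /* constructed state: level already raised */

/* Securelevel-style module: refuses kmem and module loading once raised. */
static int seclvl_hook(enum op o)
{
    if (securelevel > 0 && (o == OP_MODULE_LOAD || o == OP_KMEM_WRITE))
        return -EPERM;
    return 0;
}

/* Policy-style module: this constructed policy objects only to file reads. */
static int policy_hook(enum op o)
{
    return o == OP_FILE_READ ? -EACCES : 0;
}

/* Walk the stack in order; the first denial is final. A hook has no return
 * value with which it could turn an earlier denial back into a grant. */
static int stacked_check(const hook_fn *stack, size_t n, enum op o)
{
    for (size_t i = 0; i < n; i++) {
        int rc = stack[i](o);
        if (rc != 0)
            return rc;
    }
    return 0;
}

static const hook_fn seclvl_first[] = { seclvl_hook, policy_hook };
static const hook_fn policy_first[] = { policy_hook, seclvl_hook };

int main(void)
{
    printf("module load, seclvl first: %d\n",
           stacked_check(seclvl_first, 2, OP_MODULE_LOAD));
    printf("module load, policy first: %d\n",
           stacked_check(policy_first, 2, OP_MODULE_LOAD));
    return 0;
}
```

In this model the stacking order never changes whether an operation is denied; it could only change which module's error code is reported when both object.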