On Thu, 2007-03-08 at 12:01 -0600, Serge E. Hallyn wrote: > Quoting Chris Wright ([EMAIL PROTECTED]): > > * Serge E. Hallyn ([EMAIL PROTECTED]) wrote: > > > Are you objecting only to the duplication at the callsites, so that an > > > fsnotify-type of consolidation of security and integrity hooks would be > > > ok? Or are you complaining that the security_inode_setxattr and > > > integrity_inode_setxattr hooks are too similar anyway, and integrity > > > modules should just use some lsm hooks for anything which will be > > > authoritative? > > > > It's duplication of callsites with many identical implementations > > that's the problem. > > Yes it's ugly... > > But I guess it gets a point across :) > > > > (I could see an argument that integirty subsystem should be purely for > > > measuring and hence its hooks should never return a value. Only hitch > > > there is that if integrity subsystem hits ENOMEM it should be able to > > > refuse the action...) > > > > Right, that's what I was expecting to see, just the measurement > > infrastructure. > > So what you are saying is EVM would stay an LSM, with a cooperating > integrity subsystem *just* doing measurements? > > That's kind of what i was expecting too, however that doesn't fit as > well with the idea that an integrity subsystem prevents the need for lsm > stacking. I think the idea was that evm would still be able to enforce > integrity of selinux xattrs without it stack with selinux. So I can see > where this approach came from.
The enforcement mechanism should be directly integrated into SELinux, not stacked as a separate module. -- Stephen Smalley National Security Agency - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
