On Tue, Jan 8, 2013 at 9:14 AM, Casey Schaufler <ca...@schaufler-ca.com> wrote:
> On 1/8/2013 1:12 AM, James Morris wrote:
>> Yama is special-cased and can stay that way.
>
> Yama is *not* a special case, it is an example. It is the kind
> of new thing that provides security that is not access control.
> It was special cased at the request of distros because there was
> no general mechanism for including it along with the primary
> LSM.

I think he meant "there is a CONFIG to special-case Yama", but yes,
Yama is a good example.

Now that finit_module has landed, I intend to send another micro-LSM
to provide logic for blocking modules when the root device is
read-only. It would be another example of an LSM that needs to be
stacked with others.

-Kees

--
Kees Cook
Chrome OS Security