Re: [RFC][PATCH] Extended Attributes for Security Modules

Chris Wright (chris@wirex.com)
Tue, 15 Apr 2003 11:56:34 -0700


* Chuck Ebbert (76306.1226@compuserve.com) wrote:
> Stephen Smalley wrote:
>
> > In practice, I would
> > expect that any "stacking" of multiple security modules that use
> > security fields and xattr will actually involve creation of a new module
> > that integrates the logic of the individual modules. This is preferable
> > anyway to ensure that the interactions among the security modules are
> > well understood, that the logic is combined in a sensible manner, and
> > that the individual logics can not subvert one another.
>
> On FreeBSD 5 you 'stack' the mac_biba and mac_mls modules to get both
> integrity and confidentiality, right? Or is that something different?

It's a difference in implementation. FreeBSD builds stacking directly into
the framework, whereas LSM makes stacking a policy decision for the module.

thanks,
-chris

-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/