Is there mailist about LSM
Greg KH
greg at kroah.com
Wed May 30 14:12:53 EDT 2018
On Wed, May 30, 2018 at 10:37:25AM -0700, Alexander Ivanov wrote:
> On Wed, 30 May 2018 13:25 -0400, valdis.kletnieks at vt.edu wrote:
> > What question do you have about it?
>
> There are a couple, actually :)
> First, theoretical, I suppose: what were the reasons to effectively
> disable dynamic loading of LSM ?
This was discussed loads when LSM was first created. I'll leave this as
an exercise for the reader, how would you properly unload a LSM? Think
about what a LSM does to lots and lots of different objects in the
kernel...
> Second, is there a way for two or more LSMs to co-exist? After
> inspecting security_module_enable() and register_security(), it
> doesn't seem possible, however yama does attempt to load itself? Am I
> missing something?
Again, this is discussed all the time. Search for "stackable LSM" and
you should find lots of threads about the problems involved, how people
are considering solving them, and what workarounds are currently in
place to allow some LSM to do this today.
I think google is your friend here, read the mailing list archives, it
has all of this information there already.
good luck!
greg k-h
More information about the Kernelnewbies
mailing list