Is there mailist about LSM

Alexander Ivanov amivanov at fastmail.com
Wed May 30 14:18:24 EDT 2018



On Wed, 30 May 2018 20:12 +0200, Greg KH <greg at kroah.com> wrote:
> On Wed, May 30, 2018 at 10:37:25AM -0700, Alexander Ivanov wrote:
> > On Wed, 30 May 2018 13:25 -0400, valdis.kletnieks at vt.edu wrote:
> > > What question do you have about it?
> > 
> > There are a couple, actually :)
> > First, theoretical, I suppose: what were the reasons to effectively
> > disable dynamic loading of LSM ?
> 
> This was discussed loads when LSM was first created.  I'll leave this as
> an exercise for the reader, how would you properly unload a LSM?  Think
> about what a LSM does to lots and lots of different objects in the
> kernel...
> 
> > Second, is there a way for two or more LSMs to co-exist? After
> > inspecting security_module_enable() and register_security(), it
> > doesn't seem possible, however yama does attempt to load itself? Am I
> > missing something?
> 
> Again, this is discussed all the time.  Search for "stackable LSM" and
> you should find lots of threads about the problems involved, how people
> are considering solving them, and what workarounds are currently in
> place to allow some LSM to do this today.
> 
> I think google is your friend here, read the mailing list archives, it
> has all of this information there already.
> 
Thanks, Greg. That what my original question was about, proper mailing list.
It is indeed very useful to learn an evolution of the framework, there some constraints that make some of the knowledge irrelevant. Say, I have to develop 'minor' LSM for certain kernel version.

thx!



More information about the Kernelnewbies mailing list