Is there mailist about LSM
Greg KH
greg at kroah.com
Wed May 30 14:35:28 EDT 2018
On Wed, May 30, 2018 at 09:13:46PM +0300, Ozgur Kara wrote:
>
>
> 30.05.2018, 21:08, "valdis.kletnieks at vt.edu" <valdis.kletnieks at vt.edu>:
> > On Wed, 30 May 2018 10:37:25 -0700, you said:
> >
> >> First, theoretical, I suppose: what were the reasons to effectively disable dynamic loading of LSM ?
> >
> > Because that implies the system was up without the LSM loaded - at which point
> > somebody can have tampered with whatever labelling the LSM uses. So we
> > insist that the LSM be brought online very early during the boot process, to make
> > sure that the LSM has a chance to stop any unauthorized relabeling.
> >
> >> Second, is there a way for two or more LSMs to co-exist? After inspecting
> >> security_module_enable() and register_security(), it doesn't seem possible,
> >> however yama does attempt to load itself? Am I missing something?
> >
> > There's some support for one "large" LSM and a "trivial" one like yama.
> > There's very real and nasty interactions if you try to run (for instance)
> > SELinux and AppArmor at the same time. The composition of multiple
> > MAC systems is fraught with danger (go back and look at how long it took
> > us to get file capabilities to work right...)
>
> SElinux and AppArmor are completely disappointing.
> Really.
Fair enough, you are free to create a competing LSM. This is the very
reason that the interface was made in the first place. Because no one
can decide what the "best" security model is for everyone else.
Thanks for proving the design decision was a correct one :)
greg k-h
More information about the Kernelnewbies
mailing list