On Mon, Aug 02, 2010 at 07:33:26PM +0200, Christian Stroetmann wrote: > structure of the other LSMs, especially if it becomes large and in > this way important to be followed by only growing it with > functionalities taken from other security packages. If you say that > the way of the Yama LSM is the right way to do it in general, then > we don't need a new LSM like Yama, but a new LSM architecture. Well, trying to get these protections into mainline does seem to be demonstrating a need for some kind of security architecture that isn't LSM. As for chaining, I was considering introducing basic "first non-zero return code wins" chain of LSMs, but the chain could include only up to 1 LSM that implements the proc attr hook (though the prctl handler isn't non-zero but rather non-ENOSYS). -Kees -- Kees Cook Ubuntu Security Team -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
