On Thu, 12 May 2011, Ingo Molnar wrote: > > 2) Why should this concept not be made available wider, to allow the > restriction of not just system calls but other security relevant components > of the kernel as well? Because the aim of this is to reduce the attack surface of the syscall interface. LSM is the correct level of abstraction for general security mediation, because it allows you to take into account all relevant security information in a race-free context. > This too, if you approach the problem via the events code, will be a natural > end result, while if you approach it from the seccomp prctl angle it will be > a limited hack only. I'd say it's a well-defined and readily understandable feature. - James -- James Morris <jmorris@xxxxxxxxx>
