Re: Is there mailist about LSM

On Wed, 30 May 2018 10:37:25 -0700, you said:

> First, theoretical, I suppose: what were the reasons to effectively disable dynamic loading of LSM ?

Because that implies the system was up without the LSM loaded - at which point
somebody can have tampered with whatever labelling the LSM uses.  So we
insist that the LSM be brought online very early during the boot process, to make
sure that the LSM has a chance to stop any unauthorized relabeling.

> Second, is there a way for two or more LSMs to co-exist? After inspecting
> security_module_enable() and register_security(), it doesn't seem possible,
> however yama does attempt to load itself? Am I missing something?

There's some support for one "large" LSM and a "trivial" one like yama.
There are very real and nasty interactions if you try to run (for instance)
SELinux and AppArmor at the same time. The composition of multiple
MAC systems is fraught with danger (go back and look at how long it took
us to get file capabilities to work right...)
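The registration rules the reply describes, as an added example that is not part of this thread and not the kernel's own code: a small user-space C model of the 2018-era LSM framework. It stands in `security_init()` running once at early boot (`lsm_boot()`), `security_module_enable()` admitting only the module named by `CONFIG_DEFAULT_SECURITY` or the `security=` boot parameter as the single "major" LSM, "minor" modules such as capability and yama being added unconditionally, and a hook chain in which every registered module is consulted and the first denial wins. The module names are the real ones; the `"selinux"` default, the single ptrace hook and the toy policies behind it are assumptions for illustration.

```c
/* Added example, not kernel code: a user-space model of 2018-era LSM composition.  It mirrors
 * security_module_enable() admitting only the module named by CONFIG_DEFAULT_SECURITY or the
 * security= boot parameter, the unconditional "minor" modules (capability, yama), and hook
 * chains where the first denial wins.  Toy ptrace policies and the "selinux" default are assumed. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define DEFAULT_SECURITY "selinux"      /* stands in for CONFIG_DEFAULT_SECURITY */
#define MAX_HOOKS 8

/* A hook decides whether tracer may ptrace tracee: 0 allows, -EPERM denies. */
typedef int (*ptrace_hook)(const char *tracer, const char *tracee);
struct lsm_hook { const char *lsm; ptrace_hook fn; };
static struct lsm_hook hooks[MAX_HOOKS];
static int nhooks;
static char chosen_lsm[32];

/* security=<name> on the kernel command line overrides the built-in default. */
static void parse_cmdline(const char *cmdline)
{
    for (const char *p = strstr(cmdline, "security="); p; p = strstr(p + 1, "security=")) {
        if (p != cmdline && p[-1] != ' ')
            continue;                   /* inside another token, e.g. foo_security= */
        const char *v = p + strlen("security=");
        size_t len = strcspn(v, " ");
        if (len >= sizeof chosen_lsm)
            len = sizeof chosen_lsm - 1;
        memcpy(chosen_lsm, v, len);
        chosen_lsm[len] = '\0';
        return;
    }
}

/* Mirrors security_module_enable(): only the chosen major LSM gets to register. */
int security_module_enable(const char *module) { return strcmp(module, chosen_lsm) == 0; }

/* Mirrors security_add_hooks(): append a module's hook to the chain (-ENOMEM when full). */
int security_add_hooks(const char *lsm, ptrace_hook fn)
{
    if (nhooks >= MAX_HOOKS)
        return -ENOMEM;
    hooks[nhooks].lsm = lsm;
    hooks[nhooks++].fn = fn;
    return 0;
}

/* Toy policies (assumptions, not the real modules' logic): capability allows everything;
 * yama (ptrace_scope=1 style) allows attaching only to self or descendants named "tracer/...";
 * the majors shield a process named "init" from being traced. */
static int capability_ptrace(const char *tracer, const char *tracee)
{ (void)tracer; (void)tracee; return 0; }
static int yama_ptrace(const char *tracer, const char *tracee)
{
    size_t n = strlen(tracer);
    return strncmp(tracee, tracer, n) == 0 && (tracee[n] == '\0' || tracee[n] == '/') ? 0 : -EPERM;
}
static int major_ptrace(const char *tracer, const char *tracee)
{ (void)tracer; return strcmp(tracee, "init") == 0 ? -EPERM : 0; }

/* Each major LSM's init asks security_module_enable() for its own name and bails out otherwise. */
static int major_init(const char *name)
{ return security_module_enable(name) ? security_add_hooks(name, major_ptrace) : 0; }

/* Mirrors security_init() at early boot: minors unconditionally, then the majors. Returns the count. */
int lsm_boot(const char *cmdline)
{
    nhooks = 0;
    strcpy(chosen_lsm, DEFAULT_SECURITY);
    parse_cmdline(cmdline);
    security_add_hooks("capability", capability_ptrace);
    security_add_hooks("yama", yama_ptrace);
    major_init("selinux");              /* what selinux_init() does */
    major_init("apparmor");             /* what apparmor_init() does */
    return nhooks;
}

/* Comma-separated module list, the format /sys/kernel/security/lsm uses. */
const char *registered_lsms(void)
{
    static char buf[128];
    buf[0] = '\0';
    for (int i = 0; i < nhooks; i++)
        strcat(strcat(buf, i ? "," : ""), hooks[i].lsm);
    return buf;
}

/* Mirrors call_int_hook(): every module is consulted in order; the first denial wins. */
int security_ptrace_access_check(const char *tracer, const char *tracee)
{
    int rc = 0;
    for (int i = 0; i < nhooks && rc == 0; i++)
        rc = hooks[i].fn(tracer, tracee);
    return rc;
}
```

Calling `lsm_boot("root=/dev/sda1 security=apparmor quiet")` registers `capability,yama,apparmor`; booting with the default registers `capability,yama,selinux`; naming a module that is not built in leaves only the two minors. Running `security_ptrace_access_check()` afterwards shows why composition is hard even in this reduced form: a request that capability and yama both allow can still be refused by the major module, and which module answers first depends only on registration order, which is fixed at boot.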


_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
