On Wed, 30 May 2018 14:05 -0400, valdis.kletnieks@xxxxxx wrote: > On Wed, 30 May 2018 10:37:25 -0700, you said: > > > First, theoretical, I suppose: what were the reasons to effectively disable dynamic loading of LSM ? > > Because that implies the system was up without the LSM loaded - at which > point > somebody can have tampered with whatever labelling the LSM uses. So we > insist that the LSM be brought online very early during the boot > process, to make > sure that the LSM has a chance to stop any unauthorized relabeling. > Understood. It thus implies, custom kernel build, right? > > Second, is there a way for two or more LSMs to co-exist? After inspecting > > security_module_enable() and register_security(), it doesn't seem possible, > > however yama does attempt to load itself? Am I missing something? > > There's some support for one "large" LSM and a "trivial" one like yama. What this some support would be then? Suppose I have stateless LSM, don't really interested in using any objects' blobs. What would be a proper way to register a hook or two then? > There's very real and nasty interactions if you try to run (for instance) > SELinux and AppArmor at the same time. The composition of multiple > MAC systems is fraught with danger (go back and look at how long it took > us to get file capabilities to work right...) thx! _______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
