Re: Is there mailist about LSM


30.05.2018, 21:08, "valdis.kletnieks@xxxxxx" <valdis.kletnieks@xxxxxx>:
> On Wed, 30 May 2018 10:37:25 -0700, you said:
>
>>  First, theoretical, I suppose: what were the reasons to effectively disable dynamic loading of LSM ?
>
> Because that implies the system was up without the LSM loaded - at which point
> somebody can have tampered with whatever labelling the LSM uses. So we
> insist that the LSM be brought online very early during the boot process, to make
> sure that the LSM has a chance to stop any unauthorized relabeling.
>
>>  Second, is there a way for two or more LSMs to co-exist? After inspecting
>>  security_module_enable() and register_security(), it doesn't seem possible,
>>  however yama does attempt to load itself? Am I missing something?
>
> There's some support for one "large" LSM and a "trivial" one like yama.
> There's very real and nasty interactions if you try to run (for instance)
> SELinux and AppArmor at the same time. The composition of multiple
> MAC systems is fraught with danger (go back and look at how long it took
> us to get file capabilities to work right...)

SELinux and AppArmor are completely disappointing.
Really.


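A defender's sanity check on the point made in the reply (the LSM set is fixed at boot, with at most one major access-control module active), as an added shell example that is not part of this thread: it reads the kernel's list of active LSMs from /sys/kernel/security/lsm when that file is readable and otherwise falls back to a constructed sample; the set of mutually exclusive modules (selinux, apparmor, smack, tomoyo) is my assumption about current kernels, not something stated in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): check which LSMs the kernel brought
# up at boot. /sys/kernel/security/lsm lists active modules, comma-separated,
# in initialisation order; the major MAC modules are mutually exclusive.

# Assumed set of exclusive (major) LSMs: only one can be active at a time.
EXCLUSIVE_LSMS="selinux apparmor smack tomoyo"

# Constructed sample of the sysfs file content, used when the real file is
# unavailable (securityfs not mounted, or running in a sandbox).
SAMPLE_LSM_LIST="capability,yama,apparmor"

# Echo the live list when readable, otherwise the constructed sample.
live_lsm_list() {
    if [ -r /sys/kernel/security/lsm ]; then
        cat /sys/kernel/security/lsm
    else
        echo "$SAMPLE_LSM_LIST"
    fi
}

# Echo the major modules found in a comma-separated LSM list, space-separated,
# in the order the kernel initialised them.
major_lsms() {
    found=""
    for m in $(echo "$1" | tr ',' ' '); do
        for e in $EXCLUSIVE_LSMS; do
            [ "$m" = "$e" ] && found="$found $m"
        done
    done
    echo "${found# }"
}

# Classify a list: "ok:<name>" for exactly one major LSM, "none" when only
# DAC/minor modules (capability, yama, ...) are active, "conflict:<names>"
# when more than one major module is claimed, which a stock kernel never reports.
check_lsm_list() {
    majors=$(major_lsms "$1")
    case "$majors" in
        "")    echo "none" ;;
        *" "*) echo "conflict:$majors" ;;
        *)     echo "ok:$majors" ;;
    esac
}

check_lsm_list "$(live_lsm_list)"
```

On a live system the first word printed is the module that was initialised first; comparing it against the `security=` (or, on newer kernels, `lsm=`) boot parameter confirms the module the reply says must come online before anything else ran.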
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
