tnx for answer,
ok, you're trying to tell me that a lsm hook is something similar to
what an object manager is in FLASK architecture. But in general, all
LSM hooks as a whole can be considered as one object manager, since in
the monolithic linux kernel there are no different object managers.
Now there is one object manager and libselinux exports an interface
to the userspace object managers.
Stephen is referening to FLASK/FLUKE a predecessor of SELinux on
micrkernel architecture.
I'm not not sure, if stephen was referreing to FLASK. For me, he
referred to the current state in linux.
X server is an object manager for its own resources that it manages
and so is Gconf. Dbus is object manager of its IPC objects. The in
kernel security server is the PDP for all while the PEPs are kernel
object managers and the userspace object manager (some mentioned
earlier).
what is PDP und what is PEP(s)?
I hope these examples will clear things.
me too ;)
--
Sebastian Pfaff
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
