ok, you're trying to tell me that a lsm hook is something similar to
what an object manager is in FLASK architecture. But in general, all
LSM hooks as a whole can be considered as one object manager, since
in
the monolithic linux kernel there are no different object managers.
The kernel is the object manager. The hooks are merely the points at
which the kernel/object manager is instrumented to enforce a policy
decision.
k, thank you. I think i got it.
Now there is one object manager and libselinux exports an interface
to the userspace object managers.
Stephen is referening to FLASK/FLUKE a predecessor of SELinux on
micrkernel architecture.
I'm not not sure, if stephen was referreing to FLASK. For me, he
referred to the current state in linux.
I think I described both in that paragraph.
k
X server is an object manager for its own resources that it manages
and so is Gconf. Dbus is object manager of its IPC objects. The in
kernel security server is the PDP for all while the PEPs are kernel
object managers and the userspace object manager (some mentioned
earlier).
what is PDP und what is PEP(s)?
Policy decision point, policy enforcement point. Just another
terminology for the same concepts.
tnx
--
Sebastian Pfaff
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
