On 12/12/2012 7:55 AM, Eric Paris wrote:
> On Wed, 2012-12-12 at 07:48 -0800, Casey Schaufler wrote:
>
> How about asking every LSM to implement a new 'enable' function. If the
> LSM is not 'present' only the new 'enable' function can be used. If the
> LSM is present either the legacy enable function every LSM uses today or
> the new enable function can be used. Thus even if you build the kernel
> with stacking, you cannot enable a non-present LSM unless the tools have
> been updated.

I'm sorry, but I am having trouble understanding what you're suggesting.

>
> I'd envision for SELinux it would mean that we would disable/not
> expose/whatever /sys/fs/selinux/load when SELinux was not present. And
> we'd have a new /sys/fs/selinux/new_load which could be used in its
> place.
>
> Thoughts?
>
> -Eric