> > At least one antivirus software (which allows anonymous download of LKM source code) is using LSM hooks since Linux 2.6.32 instead of rewriting syscall tables. We are already allowing multiple concurrent LSM modules (up to one fully armored module which uses "struct cred"->security field or exclusive hooks like security_xfrm_state_pol_flow_match(), plus unlimited number of lightweight modules which do not use "struct cred"->security nor exclusive hooks) as long as they are built into the kernel. There is no reason to keep LKM based LSM modules from antivirus software or alike away.
>
> We're not to the point where in-kernel modules are stacking fully. Not everyone is on board for that, but hope springs eternal. Part of the design criteria I'm working under is that it shouldn't preclude loadable modules, and I still think that's doable. The patch James proposed is completely compatible with this philosophy. You can argue that it requires a loadable module configuration be less "hardened", but the opponents of loadable modules say that is inherent to loadable modules.

FWIW, the full infrastructure for read-only data from PaX includes a way to make data temporarily writable for a kernel thread. In PaX, __ro_after_init was/is called __read_only and pax_open_kernel / pax_close_kernel make it usable for rarely written data. That could easily land before loadable LSMs.
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
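A userspace analogue of the read-only-after-init pattern described in the reply above (added example, not PaX or kernel code; PaX's real pax_open_kernel/pax_close_kernel are architecture-specific, and the table, `ro_seal`, `ro_open`, `ro_close` and `try_write` names are assumptions for illustration). A page-aligned hook table is writable during init, sealed read-only afterwards, and only writable again inside an explicit open/close window; a write outside that window faults, which the probe catches and reports.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical "rarely written" data, e.g. a table of LSM hook pointers. */
struct hook_table { void (*hook)(void); int generation; };

static struct hook_table *table;   /* lives alone in its own page */
static size_t page_size;

/* Init phase: the page is writable, like any __ro_after_init object before boot finishes. */
static int ro_init(void) {
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    table = mmap(NULL, page_size, PROT_READ | PROT_WRITE,
                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (table == MAP_FAILED) return -1;
    memset(table, 0, sizeof *table);
    return 0;
}
/* End of init: seal the page (the __ro_after_init / __read_only moment). */
static int ro_seal(void)  { return mprotect(table, page_size, PROT_READ); }
/* Analogue of pax_open_kernel / pax_close_kernel around a rare write. */
static int ro_open(void)  { return mprotect(table, page_size, PROT_READ | PROT_WRITE); }
static int ro_close(void) { return mprotect(table, page_size, PROT_READ); }

/* Probe a write; returns 1 if it landed, 0 if the page was read-only and faulted. */
static sigjmp_buf probe_env;
static void probe_handler(int sig) { (void)sig; siglongjmp(probe_env, 1); }

static int try_write(int value) {
    struct sigaction sa, old_segv, old_bus;
    int ok;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = probe_handler;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);    /* some platforms report the fault as SIGBUS */
    if (sigsetjmp(probe_env, 1) == 0) {
        table->generation = value;       /* faults unless the page is currently open */
        ok = 1;
    } else {
        ok = 0;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return ok;
}
```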