-
invictus
-
LSM changes and deprecated API?
-
Hi,
I am reading an (apparently outdated) book about LSM, and when I tried to implement my own module I ran into a couple of issues. All books, tutorials, etc. on the topic defined 4 functions in order to register/unregister the LSM module:
register_security
unregister_security
mod_reg_security
mod_unreg_security
However, looking at the 4 implemented security frameworks in the kernel (selinux, smack, apparmor and tomoyo), none of these use the latter 3 functions. Looking at security.h reveals that only register_security still exists in the API.
This leads to a couple of questions:
1) Is it no longer possible to chainload LSM modules? I.e. can only one be loaded at a time, so that if I use SELinux I cannot use my own module as well?
2) Is it no longer possible to unregister the module? If not, why?
Thanks in advance for any help you can provide :)
-
03 Jun 11