Linux.com

invictus

invictus

  • Linux.com Member
  • Posts: 1
  • Member Since: 02 Jun 11
  • Last Logged In: 12 Jun 12

Latest Posts

Posted by
Topic
Post Preview
Posted
  • invictus
    LSM changes and deprecated API?
    Hi, I am reading an (apparently outdated) book about LSM, and when I tried to implement my own module I ran into a couple of issues. All books, tutorials, etc on the topic defined 4 functions in order to register/unregister the LSM module: [quote]register_security unregister_security mod_reg_security mod_unreg_security[/quote] However, looking at the 4 implemented security frameworks in the kernel (selinux, smack, apparmor and tomoyo) neither of these use the latter 3 functions. Looking at security.h reveals that only register_security still exists in the API. This leads to a couple of questions: 1) is it no longer possible to chainload LSM modules? I.e. can only one be loaded at a time so that if I use SELinux I can not use my own module as well? 2) is it no longer possible to unregister the module? If not, why? Thanks in advance for any help you can provide :)
    Link to this post 03 Jun 11

    Hi,

    I am reading an (apparently outdated) book about LSM, and when I tried to implement my own module I ran into a couple of issues. All books, tutorials, etc on the topic defined 4 functions in order to register/unregister the LSM module:

    register_security
    unregister_security
    mod_reg_security
    mod_unreg_security

    However, looking at the 4 implemented security frameworks in the kernel (selinux, smack, apparmor and tomoyo) neither of these use the latter 3 functions. Looking at security.h reveals that only register_security still exists in the API.

    This leads to a couple of questions:

    1) is it no longer possible to chainload LSM modules? I.e. can only one be loaded at a time so that if I use SELinux I can not use my own module as well?
    2) is it no longer possible to unregister the module? If not, why?


    Thanks in advance for any help you can provide :)

Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board