From: Casey Schaufler <casey <at> schaufler-ca.com>
Subject: [PATCH 0/5] LSM: Multiple concurrent LSMs
Newsgroups: gmane.linux.kernel.lsm
Date: Wednesday 5th September 2012 02:08:56 UTC (over 5 years ago)

Provide a backward-compatible mechanism for using
multiple LSMs on the same running kernel. If an LSM is
not modified to use the interfaces provided in the new
include/linux/lsm.h header, lsm_get and lsm_set, that
LSM may not participate in stacking, although it will
work just fine in the traditional one-at-a-time way.

As David Howells suggested some time back, making Smack and
SELinux available at the same time has proven quite a
challenge. That work has been deferred and that particular
configuration disallowed.

Performance measurement is in the early stages. The Smack
tests run within the noise with AppArmor, TOMOYO and Yama
enabled in addition to Smack.

This patch set is divided into 5 parts. The first is the
infrastructure and the last 4 make the various LSMs able
to work in the composed environment. Yama, which does not
use LSM security blobs, required no change and gets in free.

The Smack LSM behavior has been tested. AppArmor, TOMOYO,
Yama and SELinux have been shown to boot, but have not been
functionally tested beyond the lack of obvious error messages
and complaints from kernel debugging facilities. The kernels
have been tested with Ubuntu 12.04 and Fedora 17.


 include/linux/lsm.h                 |  261 +++++++++
 include/linux/security.h            |   16 +
 security/Kconfig                    |   57 +-
 security/apparmor/context.c         |   10 +-
 security/apparmor/domain.c          |    8 +-
 security/apparmor/include/context.h |   15 +-
 security/apparmor/lsm.c             |   35 +-
 security/capability.c               |  210 ++++++++
 security/inode.c                    |   51 +-
 security/security.c                 | 1004 ++++++++++++++++++++++++++++-------
 security/selinux/hooks.c            |  264 +++++----
 security/selinux/include/objsec.h   |    2 +
 security/selinux/include/xfrm.h     |    2 +-
 security/selinux/selinuxfs.c        |    6 +-
 security/selinux/xfrm.c             |    9 +-
 security/smack/smack.h              |   14 +-
 security/smack/smack_access.c       |    2 +-
 security/smack/smack_lsm.c          |  265 ++++-----
 security/smack/smackfs.c            |   92 +++-
 security/tomoyo/common.h            |    6 +-
 security/tomoyo/domain.c            |    2 +-
 security/tomoyo/securityfs_if.c     |    9 +-
 security/tomoyo/tomoyo.c            |   29 +-
 23 files changed, 1848 insertions(+), 521 deletions(-)

---
