Complete coverage in Linux security modules
Posted Oct 13, 2005 10:39 UTC (Thu) by kostikbel1
Parent article: Complete coverage in Linux security modules
I completely disagree that _any_ security module shall do the checks at open time. One of the most interesting applications of LSM appears when process permissions are based on the process behaviour profile. It was while developing such a module that the hole was found. BTW, look for a new one involving AIO.
Overall, I have a strong feeling that LSM is considered to have only one user, namely SELinux. This is the real cause of the reported omission, since SELinux does not support relabeling.