Kernel Summit 2006: Security
Posted Jul 19, 2006 11:45 UTC (Wed) by Method
In reply to: Kernel Summit 2006: Security
Parent article: Kernel Summit 2006: Security
SELinux is implemented under a framework called Flask (http://www.cs.utah.edu/flux/fluke/html/flask.html). It abstracts the details of the underlying hooks from the security server (which just cares about giving the requested decision).
LSM also does this but in a less useful way (they are only hooks with no kind of infrastructure whatsoever). So SELinux does not need LSM because Flask already provides the same thing.
That said, Flask can support any kind of security server, in fact several security models are implemented in SELinux' security server, RBAC (of sorts), Type Enforcement (the main SELinux security model) and MLS (Multi-level security, classic Trusted OS MAC)
to post comments)