LSM: loadable or static?
LSM: loadable or static?
Posted Oct 25, 2007 9:09 UTC (Thu) by jcm (subscriber, #18262)Parent article: LSM: loadable or static?
Personally, I think it's absolutely essential to be able to build a kernel with dynamic LSM. Whether we like it or not, people do want to add in runtime loadable security modules for things like virus scanners, and until upstream offers these folks a viable alternative to LSM...well, they'll use it. Jon.
Posted Jan 25, 2008 14:14 UTC (Fri)
by Dwokfur (guest, #50126)
[Link]
LSM: loadable or static?
So do I.
One example is: dazuko for on-access virus scanning.
http://lwn.net/Articles/206075/
If Linux wants to care about security, he should move on and incorporate PaX, Grsecurity or
RSBAC.
Using Grsec you can load whatever modules you want at start time, and keep the system in that
states blocking further module changes. This is a better working approach, which takes care
more than just the LSM subsystem.
Regards,
Dw.