LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

LWN.net Weekly Edition for June 6, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Pro LSM stacking

Pro LSM stacking

Posted Jan 7, 2010 15:40 UTC (Thu) by dwheeler (guest, #1216)
Parent article: Restricting the network

I believe LSM stacking *should* be added. Yes, it can be abused, but anything can be abused. It would let people create small special-case LSM modules that could be combined with "big" modules like SELinux.

(Log in to post comments)

Pro LSM stacking

Posted Jan 7, 2010 18:40 UTC (Thu) by eparis123 (guest, #59739) [Link]

The topic of stacking has been mentioned a lot in the linux-security list in the last two years.

Schaufler has been calling for it for a long time, but I remember some core people (Al viro) mentioning possible performance problems due to the increasing number of pointer dereferences in the kernel hot paths.

Ofcourse no one offered an implementation yet so that benchmarks can be done, but it seems we're getting closer to this point.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds