Unfortunately I haven't been able work on this since then so its a bit outdated but some of the ideas could be useful for the snet developer and for others developing custom LSM modules.
Incidentally, I believe the ability to stack LSM modules would greatly improve their adoption, this way you could have a number of modules which each do one thing well - ie. AppArmor for file access control and perhaps snet for network access control, rather than trying to have something like SELinux for everything.
Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds