User: Password:
|
|
Subscribe / Log in / New account

Another LSM stacking approach

Another LSM stacking approach

Posted Oct 5, 2012 14:59 UTC (Fri) by mathstuf (subscriber, #69389)
In reply to: Another LSM stacking approach by smurf
Parent article: Another LSM stacking approach

Well, except the state that you are now calling LSM B after LSM A.


(Log in to post comments)

Another LSM stacking approach

Posted Oct 5, 2012 15:14 UTC (Fri) by jake (editor, #205) [Link]

> except the state that you are now calling LSM B after LSM A

and the possibility that LSM A gets confused because it allows the access, but LSM B denies it. If LSMs are keeping state (as Casey mentions), that could potentially cause problems.

jake

Another LSM stacking approach

Posted Oct 5, 2012 18:03 UTC (Fri) by PaXTeam (guest, #24616) [Link]

i don't see why there could be a confusion since denying access is the same as failing the operation later for some other reason, say ENOMEM. in either case the LSM allowing the access cannot assume that the operation will actuallly succeed.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds