evm_inode_init_security and module stacking
Casey Schaufler
casey at schaufler-ca.com
Sat Aug 19 00:14:22 UTC 2017
I'm looking at the code in evm_inode_init_security
and it looks like there's no way it could be taught
to deal with there being more than one security
attribute being controlled. This is because the
EVM data is stored in XATTR_EVM_SUFFIX, for which
there is only one per file. On a system with both
SELinux and Smack, there isn't a place to put the
EVM attribute for whichever module comes second.
Or, as has often been the case, am I missing something?
Thank you.
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list