The secmark "one user" policy
James Morris
jmorris at namei.org
Sun Jun 25 09:41:12 UTC 2017
On Fri, 23 Jun 2017, Casey Schaufler wrote:
> On 6/22/2017 8:12 PM, James Morris wrote:
> > On Thu, 22 Jun 2017, Casey Schaufler wrote:
> >
> >> The combination of SELinux, Smack, AppArmor and/or TOMOYO is not
> >> the goal so much as the test case. MAC was the coolest possible
> >> technology in 1990. We've implemented it. I don't see anyone doing
> >> a new MAC implementation. I *do* see security modules that implement
> >> other security models in the pipeline. Some of these need to maintain
> >> state, which means using security blobs in the LSM architecture.
> >> Some of these models will want to use secmarks to implement socket
> >> based controls.
> > Where are these LSMs and where are the discussions about their LSM API
> > needs?
>
> LandLock, CaitSith, LoadPin (now in), Checmate, HardChroot,
> PTAGS, SimpleFlow, SafeName, WhiteEgret, shebang, and S.A.R.A.
> have all been discussed on the LSM list in the past two years.
Which of these need to use secmarks to implement socket controls?
--
James Morris
<jmorris at namei.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list