[PATCH v7 0/6] Safe LSM (un)loading, and immutable hooks
James Morris
jmorris at namei.org
Tue May 1 19:02:11 UTC 2018
On Mon, 30 Apr 2018, Sargun Dhillon wrote:
> > It varies. Container people are a diverse lot.
> >
> >> Use different LSM module for different container?
> >
> One dumb use case I have is the ability to limit interactions with
> PTYs for containerized applications. Another aspect of this is being
> able to write policies in C, and actually being able to control the
> nitty gritty of what's going on, versus actively fighting with the
> LSM(s).
Writing policies in C sounds like a breach of the principle of separating
mechanism and policy. This has been an important aspect of the LSM API
and also of the major LSMs. Hard-coded security policy is likely to be
brittle, inflexible, and difficult to manage. It's also blurring the
boundary of LSM with the rest of the kernel, and making it even more
difficult for core kernel developers to know what might break in LSM land
when they make changes elsewhere.
Can you provide an example of what you want to do?
--
James Morris
<jmorris at namei.org>
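The mechanism/policy split that James Morris refers to can be made concrete with a small userspace model. The following is an added illustration, not code from this thread or from the kernel's LSM framework: a single hook function (the mechanism) that knows nothing about containers or PTYs, consulting rules loaded from text (the policy), placed next to a hard-coded variant where the policy is the code itself. All names (`policy_load`, `policy_check`, `hardcoded_pty_open`, `sample_check`), the labels, and the sample policy text are constructed for this example.

```c
/* Added example, not from the thread: a userspace model of separating
 * mechanism (the hook) from policy (data loaded at runtime). */
#include <stdio.h>
#include <string.h>

#define MAX_RULES 16

enum verdict { DENY = 0, ALLOW = 1 };

struct rule {
    char label[32];     /* subject label, e.g. "container:web" (constructed) */
    char op[16];        /* operation name, e.g. "pty_open" (constructed) */
    enum verdict v;
};

struct policy {
    struct rule rules[MAX_RULES];
    int n;
};

/* Hard-coded variant: the policy IS the code. Changing which subjects may
 * open a PTY means editing and rebuilding this function. */
int hardcoded_pty_open(const char *label)
{
    if (strcmp(label, "container:web") == 0)
        return DENY;
    return ALLOW;
}

/* Data-driven variant: parse lines of the form "allow|deny <label> <op>".
 * Lines starting with '#' are comments. Returns the number of rules loaded,
 * or -1 if any line is malformed (a bad policy is rejected as a whole). */
int policy_load(struct policy *p, const char *text)
{
    char buf[512];
    char *line;
    p->n = 0;
    if (strlen(text) >= sizeof buf)
        return -1;
    strcpy(buf, text);
    for (line = strtok(buf, "\n"); line; line = strtok(NULL, "\n")) {
        char action[8];
        struct rule *r;
        if (line[0] == '#')
            continue;
        if (p->n == MAX_RULES)
            return -1;
        r = &p->rules[p->n];
        if (sscanf(line, "%7s %31s %15s", action, r->label, r->op) != 3)
            return -1;
        if (strcmp(action, "allow") == 0)
            r->v = ALLOW;
        else if (strcmp(action, "deny") == 0)
            r->v = DENY;
        else
            return -1;
        p->n++;
    }
    return p->n;
}

/* The mechanism: one hook that only matches (label, op) against the loaded
 * rules. First match wins; no match means DENY, i.e. the hook fails closed. */
int policy_check(const struct policy *p, const char *label, const char *op)
{
    int i;
    for (i = 0; i < p->n; i++)
        if (strcmp(p->rules[i].label, label) == 0 &&
            strcmp(p->rules[i].op, op) == 0)
            return p->rules[i].v;
    return DENY;
}

/* Constructed sample policy; in a real system this would come from
 * userspace configuration, not from the binary. */
static const char SAMPLE_POLICY[] =
    "# action subject-label   operation\n"
    "deny  container:web   pty_open\n"
    "allow container:shell pty_open\n"
    "allow container:web   socket_connect\n";

/* Convenience wrapper: load the sample policy and evaluate one request.
 * Returns ALLOW, DENY, or -1 if the policy failed to load. */
int sample_check(const char *label, const char *op)
{
    struct policy p;
    if (policy_load(&p, SAMPLE_POLICY) < 0)
        return -1;
    return policy_check(&p, label, op);
}

int main(void)
{
    const char *subjects[] = { "container:web", "container:shell", "container:db" };
    int i;
    for (i = 0; i < 3; i++)
        printf("%-16s pty_open -> %s\n", subjects[i],
               sample_check(subjects[i], "pty_open") == ALLOW ? "allow" : "deny");
    return 0;
}
```

The point of the contrast is that `policy_check` never changes when the policy does: a new subject or operation is a new line of data, whereas `hardcoded_pty_open` has to be edited, reviewed and rebuilt for the same change. Rejecting a whole policy on any malformed line and defaulting to DENY on no match are the two failure-mode choices a practitioner would want to make explicit.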