evm_inode_init_security and module stacking
Casey Schaufler
casey at schaufler-ca.com
Fri Jan 18 00:47:57 UTC 2019

security_inode_init_security() currently calls at most one
of selinux_inode_init_security() and smack_inode_init_security().
It then sends the result to evm_inode_init_security to create
the security.evm attribute. This isn't going to work on a system
that has both SELinux and Smack.

I see two options:

	- create security.evm with the information from all
	  security modules that provide inode_init_security hooks
	- create a separate attribute for each module,
	  security.evm-selinux and security.evm-smack in the
	  current case.

How would you like to have it work? I am agnostic, although the
separate attributes would be easier for the infrastructure.