Preferred subj= with multiple LSMs
James Morris
jmorris at namei.org
Wed Jul 17 04:36:46 UTC 2019
On Tue, 16 Jul 2019, Paul Moore wrote:
> The subj_X approach is still backwards compatible, the difference is
> that old versions of the tools get a "?" for the LSM creds which is a
> rather sane way of indicating something is different.
This will still break existing userspace, right? We can't do that.
> Once again, I believe that the subj_X approach is going to be faster
> than safely parsing the multiplexed format.
What about emitting one audit record for each LSM?
--
James Morris
<jmorris at namei.org>
More information about the Linux-security-module-archive
mailing list