[RFC] Turn lockdown into an LSM

Matthew Garrett mjg59 at google.com
Wed May 22 16:48:52 UTC 2019


On Tue, May 21, 2019 at 7:40 PM James Morris <jmorris at namei.org> wrote:
> An LSM could also potentially implement its own policy for the hook.

That was my plan. Right now the hook just gets an ASCII description of
the reason for the lockdown - that seems suboptimal for cases like
SELinux. What information would you want? My initial thinking was to
just have a stable enum of lockdown reasons that's in the UAPI headers
and then let other LSM tooling consume that, but I haven't spent
enough time with the internals of SELinux to know if there'd be a more
attractive solution.


