TOMOYO's pull request for v6.12
Casey Schaufler
casey at schaufler-ca.com
Sat Oct 5 16:10:08 UTC 2024
On 10/5/2024 12:10 AM, Tetsuo Handa wrote:
> ... It is possible that an attempt to make it
> possible to use SELinux and Smack together is a wrong direction. Even if SELinux
> and TSEM conflicts about their security models (and cannot be used together), it
> might not be something we need to care...
In the past I have said that having SELinux and Smack on the same system
is the test case for module stacking, but that I didn't see it having a
practical application. I have since been presented with a use case that
seems reasonable. Because LSM is a mechanism for additional restrictions
it is impossible for two security models to "conflict". LSMs *must* be
written to allow for cases where access is denied for other reasons. You
never get to the MAC check if the DAC check has already failed. If TSEM
can't handle what SELinux or TOMOYO decides it shouldn't be accepted.
Of course, there are details of the Linux kernel (e.g. secmarks) that
prove the rule. These are not issues of "model", but of implementation.
More information about the Linux-security-module-archive
mailing list