Linux Security Summit 2015/Abstracts/Schaufler Stacking
Jump to navigation
Jump to search
Title
Discussion: Linux Security Module Stacking Next Steps
Presenter
Casey Schaufler
Abstract
The basic underpinnings for security module stacking went into Linux 4.2. It is now possible to use multiple simple modules at the same time as a single sophisticated one. But there are serious limitations. Simple modules can't use any of the managed security blobs. There is no way to specify which modules you want on the boot line.
There are many things to discuss:
- Format of the security= boot option
- Security blobs
- A "context" that allows for more than one module
- /proc interfaces
- The impact on audit
- Secids
- Networking
and we'll ask for any additional topics at the beginning.