http://kernsec.org/wiki/index.php?action=history&feed=atom&title=Linux_Security_Summit_2013%2FAbstracts%2FSchaufler 2026-04-20T09:02:19Z Revision history for this page on the wiki MediaWiki 1.36.1 http://kernsec.org/wiki/index.php?title=Linux_Security_Summit_2013/Abstracts/Schaufler&diff=3470&oldid=prev 2013-08-02T05:39:50Z

<p>New page: == Title == Multiple Concurrent Security Models? Really? == Presenter == Casey Schaufler, Intel == Abstract == This talk will cover the ongoing work to update the Linux Security Modu...</p> <p><b>New page</b></p><div>== Title ==<br /> <br /> Multiple Concurrent Security Models? Really?<br /> <br /> == Presenter ==<br /> <br /> Casey Schaufler, Intel<br /> <br /> == Abstract ==<br /> <br /> This talk will cover the ongoing work to update the<br /> Linux Security Module (LSM) infrastructure to allow<br /> multiple concurrent security modules.<br /> <br /> The talk starts with a statement of the problem being<br /> solved, that the existing infrastructure allows only<br /> a single LSM (plus Yama) to be active at a time. The<br /> rationale for the current scheme will be discussed as<br /> well as what has changed so that the new scheme is in<br /> the works.<br /> <br /> The talk continues with a description of the externally<br /> visible changes and the reasons they've been made.<br /> The peculiar configuration issues with networking will<br /> be covered in some detail. The additions in /proc/.../attr<br /> will be noted.<br /> <br /> Next the structure of the stacking mechanism is detailed,<br /> with special attention to the allocation and freeing of<br /> security blobs. The handling of networking hooks and<br /> secids will be examined.<br /> <br /> Finally, the current project plan and status will be<br /> described.</div>

JamesMorris