Linux Security Summit 2015/Abstracts/Schaufler Stacking

From Linux Kernel Security Subsystem
Latest revision as of 13:36, 1 July 2015

Title

Discussion: Linux Security Module Stacking Next Steps

Presenter

Casey Schaufler

Abstract

The basic underpinnings for security module stacking went into Linux 4.2. It is now possible to use multiple simple modules at the same time as a single sophisticated one. But there are serious limitations. Simple modules can't use any of the managed security blobs. There is no way to specify which modules you want on the boot line.

There are many things to discuss:

  • Format of the security= boot option
  • Security blobs
  • A "context" that allows for more than one module
  • /proc interfaces
  • The impact on audit
  • Secids
  • Networking

and we'll ask for any additional topics at the beginning.
