From: Jaspreet Singh <jsingh@ensim.com>
To: "Juan González" <jgonzale@gmail.com>
Cc: nsa <SELinux@tycho.nsa.gov>
Subject: Re: Architectural doubts
Date: Fri, 07 Jan 2005 16:41:35 +0530 [thread overview]
Message-ID: <1105096295.19541.2.camel@jsingh> (raw)
In-Reply-To: <fd0153ad05010614044e6b7c75@mail.gmail.com>
Hi,
On Thu, 2005-01-06 at 23:04 +0100, Juan González wrote:
> Me question is, SELinux and LSM share the method to catch system
> entry, via hooks.
> I'm right?¿
>
Of course yes. LSM is all about hooks. There are 167+ hooks in the
kernel which implement MAC (Mandatory Access Control) parallel to good
old DAC (Discretionary Access Control).
Jaspreet
>
> On Thu, 06 Jan 2005 16:03:06 -0500, Stephen Smalley <sds@epoch.ncsc.mil> wrote:
> > On Thu, 2005-01-06 at 15:54, Juan González wrote:
> > > SELinux is currently implemented as an LSM module or is a variant of LSM itself?
> >
> > As a module that relies on the LSM framework. SELinux started life as
> > its own kernel patch implementing the Flask architecture in the Linux
> > kernel, with the security policy logic encapsulated in the security
> > server (policy engine). Then, when the LSM project was started, the
> > SELinux project participated in the development of the LSM framework and
> > SELinux was rewritten to use LSM, encapsulating all of SELinux
> > (including the Flask architecture and the security server) within the
> > SELinux module. Then both LSM and SELinux were merged into the mainline
> > kernel, and are both included in Linux 2.6.
> >
> > --
> > Stephen Smalley <sds@epoch.ncsc.mil>
> > National Security Agency
> >
> >
>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
--
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2005-01-07 11:11 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-01-06 20:54 Architectural doubts Juan González
2005-01-06 21:03 ` Stephen Smalley
2005-01-06 22:04 ` Juan González
2005-01-07 11:11 ` Jaspreet Singh [this message]
2005-01-07 12:11 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1105096295.19541.2.camel@jsingh \
--to=jsingh@ensim.com \
--cc=SELinux@tycho.nsa.gov \
--cc=jgonzale@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.