* Architectural doubts
From: Juan González @ 2005-01-06 20:54 UTC (permalink / raw)
To: selinux
Is SELinux currently implemented as an LSM module, or is it a variant of LSM itself?
Thanks,
Juan
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
* Re: Architectural doubts
From: Stephen Smalley @ 2005-01-06 21:03 UTC (permalink / raw)
To: Juan González; +Cc: selinux
On Thu, 2005-01-06 at 15:54, Juan González wrote:
> Is SELinux currently implemented as an LSM module, or is it a variant of LSM itself?
As a module that relies on the LSM framework. SELinux started life as
its own kernel patch implementing the Flask architecture in the Linux
kernel, with the security policy logic encapsulated in the security
server (policy engine). Then, when the LSM project was started, the
SELinux project participated in the development of the LSM framework and
SELinux was rewritten to use LSM, encapsulating all of SELinux
(including the Flask architecture and the security server) within the
SELinux module. Then both LSM and SELinux were merged into the mainline
kernel, and are both included in Linux 2.6.
--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency
* Re: Architectural doubts
From: Juan González @ 2005-01-06 22:04 UTC (permalink / raw)
To: Stephen Smalley; +Cc: selinux
My question is, SELinux and LSM share the method to catch system
entry, via hooks.
Am I right?
Juan
* Re: Architectural doubts
From: Jaspreet Singh @ 2005-01-07 11:11 UTC (permalink / raw)
To: Juan González; +Cc: nsa
Hi,
On Thu, 2005-01-06 at 23:04 +0100, Juan González wrote:
> My question is, SELinux and LSM share the method to catch system
> entry, via hooks.
> Am I right?
>
Of course yes. LSM is all about hooks. There are 167+ hooks in the
kernel which implement MAC (Mandatory Access Control) parallel to good
old DAC (Discretionary Access Control).
Jaspreet
* Re: Architectural doubts
From: Stephen Smalley @ 2005-01-07 12:11 UTC (permalink / raw)
To: Juan González; +Cc: selinux
On Thu, 2005-01-06 at 17:04, Juan González wrote:
> My question is, SELinux and LSM share the method to catch system
> entry, via hooks.
> Am I right?
LSM defines the hook interfaces and locations, and SELinux implements
the hook functions with its own processing.
--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency
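
A simplified userspace model of the split described in this thread, added here as an illustration and not taken from the kernel or from any poster: the framework owns the hook table and the call site, and the module supplies the hook function, which asks its own policy engine for the decision. Every identifier (`sec_ops`, `register_module`, `open_check`, `server_decide`, the type names and the policy rules) is hypothetical, and the order "DAC first, then the hook" is an assumption of this model.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#define MAY_READ  4u
#define MAY_WRITE 2u
struct task { const char *type; };               /* subject label */
struct file { const char *type; unsigned dac; }; /* object label, DAC bits */
/* Framework side: the hook interface is a table of function pointers. */
struct sec_ops { int (*file_permission)(const struct task *, const struct file *, unsigned); };
static struct sec_ops *active;                   /* NULL until a module registers */
int register_module(struct sec_ops *ops)
{
    if (active) return -EBUSY;                   /* one module in this model */
    active = ops;
    return 0;
}

/* Framework side: the hook location. This model checks DAC, then calls the hook. */
int open_check(const struct task *t, const struct file *f, unsigned mask)
{
    if ((f->dac & mask) != mask) return -EACCES;
    return active ? active->file_permission(t, f, mask) : 0;
}

/* Module side: policy engine with constructed allow rules and default deny. */
struct rule { const char *src, *tgt; unsigned perms; };
static const struct rule policy[] = {
    { "httpd_t", "web_content_t", MAY_READ },
    { "admin_t", "web_content_t", MAY_READ | MAY_WRITE },
};
static int server_decide(const char *src, const char *tgt, unsigned mask)
{
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++)
        if (!strcmp(policy[i].src, src) && !strcmp(policy[i].tgt, tgt))
            return (policy[i].perms & mask) == mask ? 0 : -EACCES;
    return -EACCES;
}
/* Module side: the hook function does its own processing via the policy engine. */
static int te_file_permission(const struct task *t, const struct file *f, unsigned mask)
{ return server_decide(t->type, f->type, mask); }
struct sec_ops te_ops = { te_file_permission };

int main(void)
{
    struct task httpd = { "httpd_t" };
    struct file page = { "web_content_t", MAY_READ | MAY_WRITE };
    register_module(&te_ops);
    printf("read=%d write=%d\n", open_check(&httpd, &page, MAY_READ), open_check(&httpd, &page, MAY_WRITE));
    return 0;
}
```

The call site in `open_check` never changes when the module is swapped; only the function behind the pointer does.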