* Architectural doubts
From: Juan González @ 2005-01-06 20:54 UTC
To: selinux

SELinux is currently implemented as an LSM module or is a variant of LSM itself?

Thanks,
Juan

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

* Re: Architectural doubts
From: Stephen Smalley @ 2005-01-06 21:03 UTC
To: Juan González; +Cc: selinux

On Thu, 2005-01-06 at 15:54, Juan González wrote:
> SELinux is currently implemented as an LSM module or is a variant of LSM itself?

As a module that relies on the LSM framework. SELinux started life as
its own kernel patch implementing the Flask architecture in the Linux
kernel, with the security policy logic encapsulated in the security
server (policy engine). Then, when the LSM project was started, the
SELinux project participated in the development of the LSM framework and
SELinux was rewritten to use LSM, encapsulating all of SELinux
(including the Flask architecture and the security server) within the
SELinux module. Then both LSM and SELinux were merged into the mainline
kernel, and are both included in Linux 2.6.

--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency

* Re: Architectural doubts
From: Juan González @ 2005-01-06 22:04 UTC
To: Stephen Smalley; +Cc: selinux

My question is, SELinux and LSM share the method to catch system entry, via hooks.
Am I right?

Juan

On Thu, 06 Jan 2005 16:03:06 -0500, Stephen Smalley <sds@epoch.ncsc.mil> wrote:
> On Thu, 2005-01-06 at 15:54, Juan González wrote:
> > SELinux is currently implemented as an LSM module or is a variant of LSM itself?
>
> As a module that relies on the LSM framework. SELinux started life as
> its own kernel patch implementing the Flask architecture in the Linux
> kernel, with the security policy logic encapsulated in the security
> server (policy engine). Then, when the LSM project was started, the
> SELinux project participated in the development of the LSM framework and
> SELinux was rewritten to use LSM, encapsulating all of SELinux
> (including the Flask architecture and the security server) within the
> SELinux module. Then both LSM and SELinux were merged into the mainline
> kernel, and are both included in Linux 2.6.
>
> --
> Stephen Smalley <sds@epoch.ncsc.mil>
> National Security Agency

* Re: Architectural doubts
From: Jaspreet Singh @ 2005-01-07 11:11 UTC
To: Juan González; +Cc: nsa

Hi,

On Thu, 2005-01-06 at 23:04 +0100, Juan González wrote:
> My question is, SELinux and LSM share the method to catch system
> entry, via hooks.
> Am I right?

Of course yes. LSM is all about hooks. There are 167+ hooks in the kernel which implement MAC (Mandatory Access Control) parallel to good old DAC (Discretionary Access Control).

Jaspreet

* Re: Architectural doubts
From: Stephen Smalley @ 2005-01-07 12:11 UTC
To: Juan González; +Cc: selinux

On Thu, 2005-01-06 at 17:04, Juan González wrote:
> My question is, SELinux and LSM share the method to catch system
> entry, via hooks.
> Am I right?

LSM defines the hook interfaces and locations, and SELinux implements the hook functions with its own processing.

--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency

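Added example, not part of the thread and not kernel or SELinux source: a userspace C model of the split described in the replies above, where the framework fixes a hook's signature and its call site (after the DAC check) and a registered module supplies the decision. All names, the policy table and the sample subjects and objects are constructed for illustration.

```c
/* Userspace model of the LSM hook pattern. Not kernel code; all names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MAY_WRITE 2
#define MAY_READ  4
struct task  { unsigned uid; const char *domain; };        /* subject */
struct inode { unsigned owner, mode; const char *type; };  /* object  */

/* Framework side: fixes the hook's signature ... */
struct security_ops { int (*inode_permission)(const struct task *, const struct inode *, int); };
static int allow_all(const struct task *t, const struct inode *i, int mask)
{ (void)t; (void)i; (void)mask; return 0; }
static struct security_ops default_ops = { allow_all };
static struct security_ops *active = &default_ops;
int register_module(struct security_ops *ops)
{ if (active != &default_ops) return -EEXIST; active = ops; return 0; }

/* ... and its location: consulted only after the DAC mode-bit check passes. */
int check_access(const struct task *t, const struct inode *i, int mask)
{
    unsigned bits = (t->uid == i->owner) ? (i->mode >> 6) & 7 : i->mode & 7;
    if (t->uid != 0 && (bits & (unsigned)mask) != (unsigned)mask)
        return -EACCES;                           /* DAC denial, hook never reached */
    return active->inode_permission(t, i, mask);  /* MAC decision made by the module */
}

/* Module side: supplies the hook body, here a tiny type-enforcement table (constructed). */
static const struct { const char *domain, *type; int allowed; } policy[] = {
    { "web_t", "web_content_t", MAY_READ },
    { "web_t", "web_log_t",     MAY_READ | MAY_WRITE },
};
static int te_inode_permission(const struct task *t, const struct inode *i, int mask)
{
    for (size_t k = 0; k < sizeof policy / sizeof policy[0]; k++)
        if (!strcmp(policy[k].domain, t->domain) && !strcmp(policy[k].type, i->type)
            && (policy[k].allowed & mask) == mask)
            return 0;
    return -EACCES;                               /* no matching rule: default deny */
}
struct security_ops te_ops = { te_inode_permission };

int main(void)
{
    struct task root_web = { 0, "web_t" };        /* uid 0 bypasses DAC in this model */
    struct inode secret = { 0, 0600, "secret_t" };
    printf("before module: %d\n", check_access(&root_web, &secret, MAY_READ));
    register_module(&te_ops);
    printf("after module:  %d\n", check_access(&root_web, &secret, MAY_READ));
    return 0;
}
```

With only the default operations installed, a uid-0 subject reads the object because DAC is the sole check; once the module registers, the same request is refused by the hook even though DAC still allows it.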