linux-security-module November 2007 archive
Main Archive Page > Month Archives  > linux-security-module archives
linux-security-module: File descriptor object capability LSM mod

File descriptor object capability LSM module. Feasability?

From: Rob Meijer <capibara_at_nospam>
Date: Mon Nov 05 2007 - 21:41:12 GMT

A while ago I asked some questions on the subject of at* system calls on the list and got rather dismissive responses. After having given up on the whole concept for a while, the recent discussions on this list have made me put some more efford into trying to define more clearly what I would like to try to achieve.

I am interested to learn if from this short document it is clear what I would like to accomplish with an FdOC LSM module, and if this is clear, if the things that would be required as patches to the LSM base code would potentialy be acceptable to achieve the goal of making an LSM module that more or less confirms to the object capability model.

Further I would like to hear (if the abouve are feasable), if I should build an LSM module for just this purpose, or if I should try to put the sugested functionality in a patch set proposal for an existing LSM implementation that could be complementary (AppArmor would seem like a good complementary functionality).


Rob J Meijer

To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to More majordomo info at