linux-security-module April 2007 archive
Main Archive Page > Month Archives  > linux-security-module archives
linux-security-module: New to LSM list. A few questions.

New to LSM list. A few questions.

From: Cliffe <cliffe_at_nospam>
Date: Thu Apr 26 2007 - 08:46:44 GMT
To: linux-security-module <linux-security-module@vger.kernel.org>


G’day,

I am a PhD candidate. My research project will involve implementing an experimental access control model as a LSM. I have some programming background (I teach intro to C and Java); however, I am new to kernel programming.

So I thought I would introduce myself. Is this mailing list an appropriate place to ask a few questions (and later discuss the resulting LSM)?

I have read two papers about LSM [1, 2] which give a good foundation of LSM, and the Linux Journal root plug example article, and I have started reading through some LSM sources. Are any of these sources outdated? Do you recommend any other must-read sources?

With my [very] limited exposure to kernel-level code I am still not sure how to go about writing information to disk. I know that generally it is forbidden (and there is usually no need to) and there seems to be a number of ways to communicate with user-land processes. But I basically just want to log the arguments to a LSM hook call into a file (to poke around and see exactly what is happening and what LSM operations specific applications invoke). Is this possible or do I need a user-land application to read/accept the data? For example, how does AppArmor (or other LSMs with learning-modes) log application behaviour?

I want to recursively apply the same decision logic to enforce multiple policies (concurrently on the same subjects). Would it be practical to have a primary security module which loads and stacks copies of a secondary module initialised using module parameters to enforce separate policies?

Many thanks,

Z. Cliffe Schreuders

[1] C. Wright, C. Cowan, J. Morris, S. Smalley, and G. Kroah-Hartman,
"Linux Security Modules: General Security Support for the Linux Kernel," Foundations of Intrusion Tolerant Systems, pp. 213-226, 2003.
[2] C. Wright, C. Cowan, S. Smalley, J. Morris, and G. Kroah-Hartman,
"Linux Security Module Framework," in Ottawa Linux Symposium, 2002.

-
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html