G’day,
I am a PhD candidate. My research project will involve implementing an experimental access control model as an LSM. I have some programming background (I teach intro to C and Java); however, I am new to kernel programming.
So I thought I would introduce myself. Is this mailing list an appropriate place to ask a few questions (and later discuss the resulting LSM)?
I have read two papers about LSM [1, 2] which give a good foundation of LSM, and the Linux Journal root plug example article, and I have started reading through some LSM sources. Are any of these sources outdated? Do you recommend any other must-read sources?
With my [very] limited exposure to kernel-level code I am still not sure how to go about writing information to disk. I know that generally it is forbidden (and there is usually no need to) and there seem to be a number of ways to communicate with user-land processes. But I basically just want to log the arguments to an LSM hook call into a file (to poke around and see exactly what is happening and what LSM operations specific applications invoke). Is this possible or do I need a user-land application to read/accept the data? For example, how does AppArmor (or other LSMs with learning-modes) log application behaviour?
I want to recursively apply the same decision logic to enforce multiple policies (concurrently on the same subjects). Would it be practical to have a primary security module which loads and stacks copies of a secondary module initialised using module parameters to enforce separate policies?
Many thanks,
Z. Cliffe Schreuders
[1] C. Wright, C. Cowan, J. Morris, S. Smalley, and G. Kroah-Hartman,
"Linux Security Modules: General Security Support for the Linux Kernel,"
Foundations of Intrusion Tolerant Systems, pp. 213-226, 2003.
[2] C. Wright, C. Cowan, S. Smalley, J. Morris, and G. Kroah-Hartman,
"Linux Security Module Framework," in Ottawa Linux Symposium, 2002.