Jamie Nguyen
dysco****@gmail*****
Thu Dec 2 18:51:08 JST 2010
Tetsuo Handa wrote:
> One of the reasons is that we can't enable multiple LSM modules at the same time.
> ( http://lwn.net/Articles/398726/ )
> I believe that we should allow enabling multiple LSM modules at the same time
> because label based access control (e.g. SELinux/Smack) and pathname based
> access control (e.g. TOMOYO/AppArmor) are complementary.
> AKARI/UUID are examples of enabling multiple LSM modules at the same time.

I totally agree. Following the LKML discussion was interesting. LSM modules can indeed complement each other, and "chaining" of LSM modules can lead to increased security through the use of a variety of protection techniques. Perhaps things will change. Topics concerning security in the Linux Kernel always seem to generate extensive discussions.

>> The latest patch I could find was here [1].
>
> Yama is included in Ubuntu 10.10 and later kernels, in a way that both Yama and
> one of SELinux/Smack/TOMOYO/AppArmor can be enabled at the same time.
> You can get the latest version from
>
> http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-maverick.git (2.6.35)
> http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-natty.git (2.6.37)

Thanks for the links. Applying changes from ubuntu-natty to 2.6.36 might be a little harder, but I'll give it a go. Might even switch to 2.6.37-rc4 instead to make life easier.

Kind regards