config does not suggest building it as module. Is it not possible by design?
TIA
-andrey
On Mon, 11 Aug 2003 21:25:04 +0400, Andrey Borzenkov <[email protected]> said:
> config does not suggest building it as module. Is it not possible by design?
It wants to initialize itself as early as possible. If it's a module, then it
can't get itself loaded until *after* userspace has already been started - at
which point we have some unknown number of things already running that don't
have any security context attached to them. Yes, you still need to load policy
from userspace, but at least every process has been tagged with a "yes, we know
about it". In addition, if you're loading from userspace, that's a whole
additional set of attacks on it during the bot (for instance, keeping the
insmod from running at all, inserting a trojaned module or policy, etc etc
etc...)
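The point above is that the LSM has to be present from the first process onward, which in practice means confirming that CONFIG_SECURITY_SELINUX is set to `y` in the running kernel's configuration and not left unset. The following shell script is an added example written for this page, not code from the thread or from the SELinux/LSM projects; the sample configs it writes are constructed, and the option name `CONFIG_EXAMPLE_LSM` is a made-up placeholder used only to exercise the `=m` branch.

```shell
#!/bin/sh
# Added example: classify how a kernel config option is set so an auditor can
# confirm that SELinux is statically built in (=y), which is the only mode
# that gives every process a security context from early boot.

# Usage: kconfig_option_mode <config-file> <CONFIG_NAME>
# Prints one of: builtin, module, disabled, absent
kconfig_option_mode() {
    cfg="$1"
    opt="$2"
    if grep -q "^${opt}=y\$" "$cfg"; then
        echo builtin
    elif grep -q "^${opt}=m\$" "$cfg"; then
        echo module
    elif grep -q "^# ${opt} is not set\$" "$cfg"; then
        echo disabled
    else
        echo absent
    fi
}

# Returns 0 only when SELinux is compiled into the kernel image.
selinux_builtin() {
    [ "$(kconfig_option_mode "$1" CONFIG_SECURITY_SELINUX)" = builtin ]
}

# Constructed sample configs (not real kernel output) for offline demonstration.
SAMPLE_GOOD=$(mktemp "${TMPDIR:-/tmp}/kconfig.XXXXXX")
cat > "$SAMPLE_GOOD" <<'EOF'
CONFIG_SECURITY=y
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
EOF

SAMPLE_BAD=$(mktemp "${TMPDIR:-/tmp}/kconfig.XXXXXX")
cat > "$SAMPLE_BAD" <<'EOF'
CONFIG_SECURITY=y
# CONFIG_SECURITY_SELINUX is not set
CONFIG_EXAMPLE_LSM=m
EOF

# Stand-alone run: report on both constructed configs.
for f in "$SAMPLE_GOOD" "$SAMPLE_BAD"; do
    if selinux_builtin "$f"; then
        echo "$f: SELinux is built in"
    else
        echo "$f: SELinux is NOT built in ($(kconfig_option_mode "$f" CONFIG_SECURITY_SELINUX))"
    fi
done
```

On a live system, point the function at `/boot/config-$(uname -r)`, or at a decompressed copy of `/proc/config.gz` when the kernel was built with CONFIG_IKCONFIG_PROC; a result other than `builtin` means the early-labelling guarantee the reply describes does not hold for that kernel.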
* Andrey Borzenkov ([email protected]) wrote:
> config does not suggest building it as module. Is it not possible by design?
That's correct. The SELinux module needs to take advantage of early
initialization of all security labels, and thus must be compiled into
the kernel statically.
thanks
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net