LSM Stacking - What You Can Do Now and What's Next - Casey Schaufler, Intel
Forum 1

Speakers: Casey Schaufler
Before the 5.1 Linux kernel it was only possible to combine Linux security modules (LSM) that don't use extended security "blobs". With the introduction of infrastructure blob management it is now possible for a limited set of extended system security data to be shared, allowing greater flexibility in security module combination. This talk will describe what data can currently be shared. It moves on to describe plans to expand the blobs that can be shared. Plans for achieving the ultimate goal of complete module stacking wrap up the presentation. Feedback on the plans, and suggestions for alternatives and improvements are solicited.

свернуть