Date: Tue, 10 Apr 2001 17:04:12 -0700
From: Crispin Cowan <crispin@WIREX.COM>
Organization: WireX Communications, Inc.
Subject: Linux Security Module Interface
One of the byproducts of the Linux 2.5 Kernel Summit
http://lwn.net/2001/features/KernelSummit/ was the notion of an
enhancement of the loadable kernel module interface to facilitate
security-oriented kernel modules. The purpose is to ease the
tension between folks (such as Immunix and SELinux) who want to add
substantial security capabilities to the kernel, and other folks
who want to minimize kernel bloat & have no use for such
Modules that can be loaded, or not, are the obvious solution,
but the current LKM does not export sufficient hooks to support
many security mechanisms. Thus many current security enhancements
end up existing as kernel patches, which marginalizes their utility
by making distribution problematic. The proposed solution is to
enhance the LKM with a variety of new kernel elements exported to
the module interface, so as to support a reasonable variety of
We have started a new mailing list called linux-security-module.
The charter is to design, implement, and maintain suitable
enhancements to the LKM to support a reasonable set of security
enhancement packages. The prototypical module to be produced would
be to port the POSIX Privs code out of the kernel and make it a
module. An essential part of this project will be that the
resulting work is acceptable for the mainline Linux kernel.
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.