Re: Linux Security Module Interface

[Greg KH <greg@wirex.com>]

On Wed, Apr 11, 2001 at 05:30:44AM +0200, Milan Pikula - WWW wrote:
> 
> This all sounds like re-inventing a wheel. Such activities already
> exist - the interface we are talking about is now named GACI,
> Generic Access Control Interface, and it has mailing list somewhere
> in Germany. Don't know the subscribe address, but the list address
> is gaci@compuniverse.de. I am sure that you will find some archives
> about this and join the existing comunity instead of creating something,
> which is exactly the same.

I took a look through the archives, and it seems that GACI is a bit like
what we want to accomplish.  But it doesn't look like there has been any
development on GACI in quite a number of months, and I'm not sure if
GACI can handle the "generic" model good enough (rough guess after
skimming the mailing list archives, please correct me if I'm wrong.)

RSBAC, LIDS, SELinux and many other current Linux security
implementations all need these kind of hooks in the kernel in order to
get a wider use of their code.  That is what the goal of this project
is.  See the comments by Linus at the Kernel 2.5 Developers conference
during the presentation of SELinux for a more detailed description of
what we are trying to accomplish.  Also a first cut at a design document
will be published in a few days on the mailing list.  Take a look at it,
and give feedback if you wish.

thanks,

greg k-h

-- 
greg@(kroah|wirex).com
http://immunix.org/~greg
-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/