Welcome to the Linux Foundation Forum!

LSM changes and deprecated API?


I am reading an (apparently outdated) book about LSM, and when I tried to implement my own module I ran into a couple of issues. All books, tutorials, etc on the topic defined 4 functions in order to register/unregister the LSM module:





However, looking at the 4 implemented security frameworks in the kernel (selinux, smack, apparmor and tomoyo) neither of these use the latter 3 functions. Looking at security.h reveals that only register_security still exists in the API.

This leads to a couple of questions:

1) is it no longer possible to chainload LSM modules? I.e. can only one be loaded at a time so that if I use SELinux I can not use my own module as well?

2) is it no longer possible to unregister the module? If not, why?

Thanks in advance for any help you can provide :)


Upcoming Training