System Calls for the Linux Security Module Infrastructure - Casey Schaufler, The Smack Project
Speakers: Casey Schaufler
Linux security modules have traditionally provided special-purpose filesystem interfaces for administration and process attribute manipulation. Applications may encounter problems when different security modules use different interfaces for what is essentially equivalent information. Worse yet, they have problems when the same interface is used for significantly different information. Efforts to address these issues while continuing to use filesystem interfaces instead highlighted these shortcomings. Rather than continue to fight with filesystem interfaces, a new set of system calls is being introduced. This talk will describe the problems with the filesystem interfaces, the advantages of system calls, and the initial set of system calls being introduced. Some of the challenges encountered will be discussed. Implications for applications and future LSM directions will also be presented.