As I read through LWN today, I noted the following comment,
http://lwn.net/Articles/255832/ :
Personally, I think it's absolutely essential to be able to
build a kernel with dynamic LSM. Whether we like it or not,
people do want to add in runtime loadable security modules for
things like virus scanners, and until upstream offers these
folks a viable alternative to LSM...well, they'll use it.
Which reminded me of the TuxGuardian LSM[1] - another of the real-world
uses to meet Linus's criteria? ("had examples of their real-world use to
step forward and explain their use")
In this specific project, LSM is used to collect up calls to bind() and
connect() and pass them to userspace, e.g. do it ZoneAlarm-style and
display a dialog window. Its codebase is probably not too up-to-date
(website says last change last April - but I guess that's a no-brainer
to update it).
[1] http://tuxguardian.sf.net/
-
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
