Navigation
Recherche
|
[$] A security-module hook for user-namespace creation
jeudi 4 août 2022, 16:10 , par LWN.net
The Linux Security Module (LSM) subsystem works by way of an extensive set
of hooks placed strategically throughout the kernel. Any specific security module can attach to the hooks for the behavior it intends to govern and be consulted whenever a decision needs to be made. The placement of LSM hooks often comes with a bit of controversy; developers have been known to object to the performance cost of hooks in hot code paths, and sometimes there are misunderstandings over how integration with LSMs should be handled. The disagreement over a security hook for the creation of user namespaces, though, is based on a different sort of concern.
https://lwn.net/Articles/903580/
|
56 sources (32 en français)
Date Actuelle
mer. 24 avril - 06:22 CEST
|