In the latest version of AppCL LSM, the following security hooks have been updated to manage the security labelling of the kernel ‘inode’ object (file system objects such as files, directories and symlinks). SELinux was consulted for inode security labelling techniques:
inode_alloc_security
- Security hook now passes the ‘inode_security_struct’ to the ‘i_security’ attribute within the inode object.
- inode_security_struct is defined in ‘appcl_lsm.h’.
- This is defined as the inode security label.
- AppCL must decide which attributes to store in the inode_security_struct, and then make security decisions using the inode security label values.
inode_free_security
- Security hook frees the allocated inode_security_struct.
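The lifecycle of the two hooks above can be modelled in user space. This is an added example, not AppCL's source or kernel code. The `model_*` functions, the cut-down `struct inode`, the label fields and `LABEL_INITIALISED` are all assumptions, because the page does not list the real contents of `inode_security_struct`.

```c
#include <errno.h>
#include <stdlib.h>

/* Stand-in for the kernel's struct inode; only the fields this model uses. */
struct inode {
    unsigned long i_ino;
    void *i_security;              /* opaque slot owned by the LSM */
};

/* Assumed label layout: the page does not list AppCL's actual fields. */
struct inode_security_struct {
    struct inode *inode;           /* back-pointer to the labelled object */
    unsigned int flags;            /* assumed label state bits */
};
#define LABEL_INITIALISED 0x1u     /* assumed flag value */

static int fail_next_alloc;        /* knob to simulate memory pressure */

static void *label_zalloc(size_t n)
{
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    return calloc(1, n);           /* zeroed, like a kzalloc-style allocation */
}

/* Models inode_alloc_security: attach a zeroed label or fail with -ENOMEM. */
int model_inode_alloc_security(struct inode *inode)
{
    struct inode_security_struct *isec = label_zalloc(sizeof(*isec));
    if (!isec)
        return -ENOMEM;            /* caller must not use an unlabelled inode */
    isec->inode = inode;
    isec->flags = LABEL_INITIALISED;
    inode->i_security = isec;
    return 0;
}

/* Models inode_free_security: release the label and clear the pointer. */
void model_inode_free_security(struct inode *inode)
{
    struct inode_security_struct *isec = inode->i_security;
    inode->i_security = NULL;      /* clear first so no stale label is reachable */
    free(isec);                    /* free(NULL) is a no-op, so a repeat call is safe */
}

/* A later access check should treat a missing label as deny (fail closed). */
int model_label_present(const struct inode *inode)
{
    const struct inode_security_struct *isec = inode->i_security;
    return isec && (isec->flags & LABEL_INITIALISED);
}
```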
The output from the kernel log shows an example inode and some of the values associated with the inode_security_struct (inode security label).
AppCL LSM must properly decide security label attributes, define handlers to process these attributes and mediate access based on application specific identifiers.
To view the public git for this project visit: