[Apparmor-general] Where the apparmor modules hooked in the kernel
Crispin Cowan
crispin at novell.com
Thu Apr 26 03:25:37 MDT 2007
S Kalyanasundaram wrote:
> Hi All,
> I have got a basic doubt in apparmor. I was looking at http://en.opensuse.org/AppArmor_Detail It says the system call is not being replaced and it is hooked deep in to the kernel. Still i dont understand like how it really works. Is it something like prepended with system call tables entries, but how? Is it hooked before vfs? Can anybody give me some visible to me on how the access flow from application happens?
>
The question you are asking is about LSM, not AppArmor. For answers,
read this paper:
"Linux Security Modules: General Security Support for the Linux Kernel".
Chris Wright, Crispin Cowan, Stephen Smalley, James Morris, and Greg
Kroah-Hartman. Presented at the 11^th USENIX Security Symposium
<http://www.usenix.org/events/sec02/>, San Francisco, CA, August 2002.
PDF <http://crispincowan.com/%7Ecrispin/lsm-usenix02.pdf>.
Crispin
--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering http://novell.com
More information about the Apparmor-general
mailing list