Re: [Dazuko-help] ON_EXEC and Linux 2.6

[Ajay Surie]

John,

Thank you for your prompt response.

> With RSBAC Dazuko is more tightly integrated with the system calls. These
> classifications are sure to be more reliable.

This is very useful. However, my intended use for Dazuko has changed 
somewhat. I would like a 3rd party application to manage on-demand 
scanning, but with the scan process starting as early in the boot 
process as possible, preferably as soon as control is passed to the kernel.

It looks like as a kernel module Dazuko would be loaded during the 
execution of rc.sysinit. A user daemon would be loaded much later in the 
boot process, which would prevent scanning of all prior files accessed 
during boot.

Is it possible to have Dazuko loaded early in the boot process with the 
kernel, rather than as a kernel module? My idea here was that Dazuko 
could be involved in the scanning process and pass the results to a user 
daemon once it had registered itself. An alternative here would be to 
write a scanner based on one of the security frameworks that lives 
entirely in the kernel.  However, I don't want to reinvent the wheel 
since Dazuko already does a good job communicating with user space 
daemons, which I need for this implementation.

Any thoughts/suggestions on the above would be appreciated. I have spent 
some time reading the Dazuko source, but perspective from somebody who 
has been at this for a while is helpful :-)

Thanks,
Ajay