next up previous contents
Next: LinSec Capability Model Up: Implementation Previous: SMP Issues   Contents

LinSec Lifetime

LinSec lifetime, from system boot until system shutdown, can be divided into two phases:

  1. Initialization: used to set up LinSec (read configuration files, initialize kernel buffers, etc.), and
  2. Operation: LinSec mandatory security policy enforcement.

The Initialization phase is performed after main kernel subsystems have been set up and just before init executable is loaded (function linsec_do_setup, kernel/linsec_setup.c, called from function init, init/main.c). Thus, LinSec mandatory security policy enforcement starts from the very beginning of the userspace system boot phase.