Mike MacCana wrote: > Some simple questions: > > The current discussion of future LSM modules has been capabilities. Not exclusively capabilities. We believe we can get SubDomain and CryptoMark (WireX products) to work with the same or very similar hooks to those needed for Capabilities. We further conjecture that LIDS and Janus, providing similar functionality to SubDomain, can also be made to work with this modest set of hooks. > Is there > anyone on the list from the Extended Attributes and ACL project? We would like there to be :-) My chat over the weekend about extended attributes pertains directly to projects like ACL. However, my design philosophy here is to *not* include something unless someone with a module and serious intent to use the LSM steps forward and says "I need <foo hook>" and presents a solid case for why it can't be done with the existing hooks. The purpose of this apporach is to maximize the number of supported modules while minimizing the impact of LSM on the mainline kernel. So a hook is a gimmie if it is lightweight, and several different modules need it (e.g. hooks into open). A hook is a tough sell if it is expensive, and only one module needs it (no examples yet). > Does the Linux ACL project plan to exist within the LSM framework? That would be nice, but I don't speak for them. Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 10:54:58 PDT