"Steven M. Kramer" wrote:

> I'm Steve Kramer from HP in Atlanta. We've had a secure web server called
> VirtualVault (based on SecureWare's CMW technology) for about 5 years now.
> Some of us are now working on a

Interesting. I've studied VV, but didn't know it was descendant from CMW.

> 1. Where would I get sources to be able to build and try the kernel?

Go to http://lsm.immunix.org/ There you will find exportable patch files that you can use to patch your standard Linux kernel source tree. The BitKeeper server also presents a surfable kernel source tree here http://lsm.immunix.org:5555/

> I've read about BitKeeper and assume it's an application server that gives me
> access to the sources.

Sort of. BK is competition for CVS. It's a distributed version control system. There's a client and a server, and in addition to all the usual version control widgets, BK provides superior ability to merge change sets. Linux 2.4 being a moving target, this feature is important.

> (I'm not exactly sure what I get from the download because I want to wait
> until our lawyers sort out the license - based on J.M.Jones's concerns.)

With all due respect, JM Jones' concerns are ill-founded. Non-paid use of BK commits you to publishing your change logs, which makes it mostly appropriate for open source projects. Since LSM is an open source project, this should not pose a problem. If you are doing some other proprietary Linux kernel work, then you should either not use BK for that work, or purchase commercial copies of BK from the vendor http://www.bitkeeper.com/

Remember, we're talking about hacking the Linux kernel here, which is already thoroughly GPL'd, so just how scary can the BK license really be?

Usual caveat: IANAL, consult the BK license and your attorney for specifics. In that sense, JM Jones did precisely the right thing.

> 2. If after step 1 is solved, how do I submit changes? It's my understanding
> that I send patch files to the list and consensus rules, and then Chris puts
> them in BitKeeper for all to extract. Am I correct in this?

Yes, that's correct. A few non-WireX people have write access to the BK server, but this being a security project, we're tight about that.

> 3. Maybe I'm being presumptuous in the last question, but is it true that
> anyone can join the group and contribute?

Within the bounds of the project, yes. Getting Linus to accept LSM into the main goal of this project, so whenever something that someone wants conflicts with what Linus is likely to accept, Linus wins:

* All LSM kernel code is GPL'd (not the modules per se, but the stuff that goes into the LSM patch).
* The patch is to remain as small as possible.
* The technical objective is to support security-enhancing modules, particularly access control modules. As you have seen, Honeypots are a nice security thing, but outside the goals of LSM, so Honeypots get "best effort" support.
* We're targeting the kernel, in the narrowest sense. Hooks that are particular to some specific file system (e.g. Reiser, Ext3, etc.) are problematic. At the moment, we're sinking hooks into the VFS layer, and hoping that's sufficient. If an essential feature comes along where that is not sufficient (e.g. robust support for extended attributes) then some further architecting will be necessary.

So while we listen to consensus, just because you contributed something doesn't mean we'll take it. On the other hand, code speaks loudly, and if you contribute something that works and is consistent with the project goals, it likely will be accepted. Like in the IETF: rough consensus, and working code.

Crispin
--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Jun 25 2001 - 09:13:51 PDT