Re: LSM Patch Additions for CAPP (C2) Audit Trails

• Previous message: jmjonesat_private: "Re: LSM Patch Additions for CAPP (C2) Audit Trails"
• In reply to: jmjonesat_private: "Re: LSM Patch Additions for CAPP (C2) Audit Trails"
• Next in thread: jmjonesat_private: "Re: LSM Patch Additions for CAPP (C2) Audit Trails"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* jmjonesat_private (jmjonesat_private) wrote:
> On Thu, 5 Jul 2001, Chris Wright wrote: 
> 
> > in general, throwing out any kernel logic and replacing with hook is not
> > acceptable. 
> 
> > will not accept the vfs_permission change,
> 
> > changeattr hook is not acceptable,

<snip>

> Can anybody state (succinctly) the limits of LSM, yet?

the specific changes mentioned above push significant amounts of kernel
logic into the module.  we already hashed this out on the list and
decided against it.  we are looking for a minimal impact patch.  we've
got to get our foot in the door first...(see also cripsin's comments
regarding our conversation with ted ts'o).

-chris

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Chris Wright: "Re: LSM Patch Additions for CAPP (C2) Audit Trails"
• Previous message: jmjonesat_private: "Re: LSM Patch Additions for CAPP (C2) Audit Trails"
• In reply to: jmjonesat_private: "Re: LSM Patch Additions for CAPP (C2) Audit Trails"
• Next in thread: jmjonesat_private: "Re: LSM Patch Additions for CAPP (C2) Audit Trails"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jul 06 2001 - 10:04:17 PDT