* jmjonesat_private (jmjonesat_private) wrote: > > On Thu, 5 Jul 2001, Crispin Cowan wrote: > > > Ted agreed with the consensus the LSM list came to a few weeks ago: > > movking kernel logic out to a module is too intrusive and too > > risk-prone, so don't do it. > > The original "move capabilities to a module" value that partly triggered > LSM now seems somewhat inconsistant... we're not really doing that at all: > just *extending* capabilities support to a module, leaving it basicly > intact in the kernel, and treating it the same way we're treating any > other pre-existing kernel security mechanism: extending, not moving. capabilities represents a permissive security model. we are capturing this model, and allowing capabilities to be a module. so we are moving it to a module. i see no inconsistency. -chris _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Jul 06 2001 - 10:12:21 PDT