jmjonesat_private wrote: > Yes, I understand this now. However, since it requires the confined > process to be executed as root and then confined (i think) it circumvents > many of those restrictions in favor of its own model. This is very > useful, but I have some issues with it. > > Because this discussion is somewhat off-topic and based on > theoreticals/philosophy, rather than being strictly forward moving via > the code, I've moved it to lsm-discussionat_private to hash it out > before returning it here with (hopefully) more on-topic results. More important, it is getting into the range of debating the merrits of one LSM module/model over another, which is explicitly off topic here. The only reason we care at all about what a module does is to understand if there is a legitimate purpose to a requested new hook. Other than that, bashing each other's modules around is entirlely counterproductive. Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 10:52:25 PDT