On Mon, 23 Jul 2001, Crispin Cowan wrote:

> jmjonesat_private wrote:
>
> > Yes, I understand this now. However, since it requires the confined
> > process to be executed as root and then confined (I think) it circumvents
> > many of those restrictions in favor of its own model. This is very
> > useful, but I have some issues with it.
> >
> > Because this discussion is somewhat off-topic and based on
> > theoreticals/philosophy, rather than being strictly forward moving via
> > the code, I've moved it to lsm-discussionat_private to hash it out
> > before returning it here with (hopefully) more on-topic results.
>
> More important, it is getting into the range of debating the merits of one
> LSM module/model over another, which is explicitly off topic here. The only
> reason we care at all about what a module does is to understand if there is a
> legitimate purpose to a requested new hook. Other than that, bashing each
> other's modules around is entirely counterproductive.
>
> Crispin
>
> --
> Crispin Cowan, Ph.D.
> Chief Scientist, WireX Communications, Inc. http://wirex.com
> Security Hardened Linux Distribution: http://immunix.org
> Available for purchase: http://wirex.com/Products/Immunix/purchase.html

I agree. I'm only using SubDomain as an example, not trying to "slam it" directly... I acknowledge great value there. Evolution builds on the experience of predecessors... and new "experiments" tend to die quickly... but LSM introduces a moment of "punctuation" into the "equilibrium"... I suspect it will inspire great new species.

MY attempt is to discuss various strategies and how they're supported... or unsupported, in the LSM interface... not to specifically argue against any strategy, just to argue that it implies other strategies that might also be relevant.

J. Melvin Jones.

|>------------------------------------------------------
|| J. MELVIN JONES jmjonesat_private
|>------------------------------------------------------
|| Microcomputer Systems Consultant
|| Software Developer
|| Web Site Design, Hosting, and Administration
|| Network and Systems Administration
|>------------------------------------------------------
|| http://www.jmjones.com/
|>------------------------------------------------------

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 10:59:50 PDT