On Tue, 31 Jul 2001 19:12:20 PDT, Crispin Cowan said:
> I believe it to be completely infeasible to ever consider moving the kernel
> security logic into a module. In-kernel security logic ("DAC" for short :-) is
> deeply intertwined with lots of other non-security code. Teasing it apart
> would be a Herculean task (complete with shoveling loads of crap :-) and is
> fraught with error. As a result, the kernel group is highly likely to reject
> such a proposal.

Is it something that we should at least get onto people's radar as a possible
thing for a 2.7 kernel project? I suspect much of it is intertwined due to
"just grew" software dynamics.

This leaves 3 questions:

1) Would it be worth the effort for *somebody* to unsnarl/streamline it?

2) Should the "somebody" be "us" as part of a 'stage 2' effort?

3) If both of these are "yes", is there anything we can/should do now to
facilitate it (or at least not complicate it later)?

Yes, I know there's a general distaste for "do it now for later", but good
software design principles also say you should at least be *thinking* about
future expansion needs ;)

/Valdis