On Thu, 02 Aug 2001 12:05:02 EDT, Stephen Smalley <sdsat_private> said: > and this is impeding forward progress on LSM. Authoritative > hooks were discussed, implemented, and discarded back in June. > Moving DAC out of the base kernel was discussed and rejected. However, one of the reasons for rejecting authoritative hooks (simple assurance) has since been re-examined and found to have some issues, which although not *obviously* fatal, are at least sufficient to require some re-discussion - even if we wish to continue on the path we currently are, we need to at least be able to say "we considered the new evidence and decided to not change our minds". Given that there has been at least one concrete proposal by jmjones that would provide a stackable module on top of authoritative hooks that would provide at least a large chunk of what simple assurance was supposed to buy us, some pondering is needed... Similarly, we discussed DAC before, but today was the first time I've seen the issue of NFSv4 raised in conjunction with it. Now, unless there are clear and obvious reasons to label NFSv4 a DOA technology, we *WILL* have to figure out how to make it play well with DAC. On Wed, 01 Aug 2001 18:53:47 -0400, jmjonesat_private said: > There are 400 people on this list. Man, and I felt bad that I'm only commenting and not producing any code. ;) -- Valdis Kletnieks Operating Systems Analyst Virginia Tech
This archive was generated by hypermail 2b30 : Thu Aug 02 2001 - 11:19:18 PDT