Re: Making forward progress

From: Valdis.Kletnieksat_private
Date: Thu Aug 02 2001 - 11:14:54 PDT

  • Next message: richard offer: "Re: Making forward progress"

    On Thu, 02 Aug 2001 12:05:02 EDT, Stephen Smalley <sdsat_private>  said:
    > and this is impeding forward progress on LSM.  Authoritative
    > hooks were discussed, implemented, and discarded back in June.
    > Moving DAC out of the base kernel was discussed and rejected.
    However, one of the reasons for rejecting authoritative hooks (simple
    assurance) has since been re-examined and found to have some issues, which
    although not *obviously* fatal, are at least sufficient to require some
    re-discussion - even if we wish to continue on the path we currently are,
    we need to at least be able to say "we considered the new evidence and
    decided to not change our minds".  Given that there has been at least one
    concrete proposal by jmjones that would provide a stackable module on top
    of authoritative hooks that would provide at least a large chunk of what
    simple assurance was supposed to buy us, some pondering is needed...
    Similarly, we discussed DAC before, but today was the first time I've seen
    the issue of NFSv4 raised in conjunction with it.  Now, unless there are
    clear and obvious reasons to label NFSv4 a DOA technology, we *WILL* have
    to figure out how to make it play well with DAC.
    On Wed, 01 Aug 2001 18:53:47 -0400, jmjonesat_private said:
    > There are 400 people on this list.
    Man, and I felt bad that I'm only commenting and not producing any code. ;)
    				Valdis Kletnieks
    				Operating Systems Analyst
    				Virginia Tech

    _______________________________________________ linux-security-module mailing list linux-security-moduleat_private

    This archive was generated by hypermail 2b30 : Thu Aug 02 2001 - 11:19:18 PDT