Re: Making forward progress

From: Stephen Smalley (sdsat_private)
Date: Thu Aug 02 2001 - 11:38:44 PDT

  • Next message: James Morris: "Low-level network hooks and rtnetlink"

    On Thu, 2 Aug 2001, richard offer wrote:
    > The fact that the issues keep reappearing indicates that not everyone is
    > happy with the current proposal. As new evidence appears it is right to
    > re-evaluate design decisions. Design by Status Quo isn't a valid
    > methodology.
    As I've said, there is no new evidence here.  And as far as I know,
    only SGI is unhappy about the status quo on ordering, restrictive
    hooks, and leaving DAC in the kernel.  I don't think that keeping
    everyone happy is the number one goal here.
    > Shipping something that is flawed and does not have buyin from everyone
    > just to be able to say we shipped something is going to lead to problems
    > and is likely to doom the project to failure.
    > If the LSM isn't useful outside of SELinux/SubDomain/Janus its going to
    > suffer when it hits the main line.
    LSM isn't flawed.  It just doesn't satisfy everyone's needs.  But it
    is doing quite well at fulfilling the mandate given by Linus.  In its
    current form (modulo the list of remaining work I mentioned), it can
    likely satisfy the needs of many different access control projects, e.g.
    SELinux, RSBAC, LIDS, DTE, SubDomain, Janus, etc.  LSM needs to
    have a well-defined scope if it wants to succeed.
    Stephen D. Smalley, NAI Labs
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Thu Aug 02 2001 - 11:42:41 PDT