Matt Block wrote: >The idea seems to be: > (1) Acceptance now is more important than full-featuredness > (2) Smaller is _much_ better than larger (enough so that without a >compelling reason to grow the LSM hooks, it is enough to say, "but that >would make them larger" to quash a development) Seems like a nice summary. > (3) The kernel developers for any number of reasons will prefer by >overwhelming majority performance to security While others may or may not share this philosophy, I don't think we've "had it out" on this question. The question just hasn't come up: as far as I recall, we haven't run into any hard tradeoffs between performance and security yet. (Remind me if I've forgotten something.) Anyway, the rest of your email seems to come down to a single question. You seemed to expect that the goal of LSM is to support all possible security policies. In contrast, my understanding is that the charter of LSM is much more limited: It is to support a set of existing access control policies (and possibly some new ones, too, if it seems appropriate), and things that aren't access control seem to be out of scope. Furthermore, I would take issue with your characterization of LSM as not completely meeting _anyone's_ needs; on the contrary, there are a number of projects (e.g., SubDomain, SELinux) whose needs seem to be nicely met by LSM. I don't know whether this answers your question, or whether this reflects the views of others on this list. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Aug 08 2001 - 00:53:56 PDT