On Mon, 13 Aug 2001, Chris Wright wrote: > * name vs. inode (as Serge pointed out, we may have a solution in 2.5, > see http://acl.bestbits.at/pipermail/acl-devel/2001-August/000734.html) I thought that this was resolved, pending submission of a specific proposal from WireX for new hooks that would meet their needs. If 2.5 is going to solve your problem anyway, then so much the better. > * in-kernel check vs. lsm-check ordering I thought that this was resolved, with the decision being that we place the LSM hooks after the DAC logic whenever feasible. This was already the case for many of the hooks, and I think I moved the remaining ones when feasible. > * all in-kernel checks to module This seems to have been resolved by the recent posting by Ted Ts'o. > anything else? Yes, I would suggest that we also discuss the following: * status and plans for the capabilities module * controlling Unix domain sockets that use the abstract namespace * Ted's comments about making LSM a configuration option, using macros, etc. * plans for submitting a patch to the kernel developers -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Aug 14 2001 - 08:00:37 PDT