Re: Making forward progress

From: Theodore Tso (tytsoat_private)
Date: Wed Aug 15 2001 - 01:35:38 PDT

    On Tue, Aug 14, 2001 at 08:02:56PM -0400, jmjonesat_private wrote:
    > 
    > While there is resistance to conditional code, I would like to point out
    > as a "base" that applying the patch or NOT applying the patch is a
    > "condition"... the difference is a Y/N/M answer in make config or a
    > download and one line of command.
    > 
    > ....
    >
    > 3) MACROS are not really necessary in the current model.  All the hooks
    > are  "out negative"... by which I mean that if you don't patch the kernel
    > at all, there's no cost.  Therefore, macros are not necessary.... just
    > make the whole ball of wax optional.
    
    OK, I think we have a failure to communicate here.
    
    I was asked to suggest ways in which the LSM patch could be
    integrated into the mainline kernel sources, so that it wouldn't be
    necessary to patch the kernel first, and so to make it easier to
    keep LSM tracking against future kernel versions (since if the code is
    in the kernel sources, even if under an ifdef, or under the use of a
    cpp macro which may evaluate to nothing, then when kernel developers
    make changes to the kernel, they will likely the LSM hooks, and so LSM
    can much more easily track future kernel versions).
    
    But if your assumption is that LSM is always going to be a separate
    patch which must be applied to the kernel, and which you must manually
    update each time the kernel changes, why are you bothering to talk to
    me or any other kernel developer for that matter?  Just keep doing the
    patch, and you can make it as ugly, and as intrusive, and as hard to
    maintain against future kernel versions as you like.  You'll find it a
    lot harder to get the attention of the rest of the Linux world, but
    that's certainly a choice that you have.  No one is forcing you to do
    anything, remember....
    
    						- Ted
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Wed Aug 15 2001 - 19:02:40 PDT