On Sun, 26 Aug 2001, Greg KH wrote:

> On Mon, Aug 27, 2001 at 10:55:15AM +1000, Lachlan McIlroy wrote:
> >
> > Attached is a patch to add a hook to the quotactl()
> > system call. The hook has been made authoritative as
> > that seems to be the direction that LSM is heading. Any
> > feedback/opinions/comments would be greatly appreciated...
>
> I don't think that is the way LSM is heading right now at all. So I
> removed the authoritative part of your patch and just made it a small,
> boring restrictive hook :)

I've been out-of-loop for a few weeks due to payme projects.

I don't have any specific response to this assertion, but, respectfully, ask for someone (even Greg ;)) to clarify "the direction LSM is heading", hopefully with regard to:

1) authoritative hooks: YES, NO, CONDITIONAL (how?)

2) DAC bypass (as an option), YES, NO, CONDITIONAL (how?)

3) Support for loadable modules NOT compiled into the kernel (I've seen some "not an issue because we're suggesting compiling in" discussions that have short-circuited (perhaps not intentionally) issues that may be relevant to allowing a module to slide into a system that has run for a while before the module is loaded.) YES, NO, CONDITIONAL (how?)

I'm dealing with developers in my project that insist that it may be necessary for us to "branch", and create a patch that removes LSM and reapplies a specific patch to the kernel to address our functionality. I'd rather not go that direction, but a few things that may be necessary are probably going to need a "plus-patch", and some other things that are admittedly possible, but require significant "manipulation" with the current patch may be better done with "plus-patches."

I've given up on trying to deflect LSM philosophically, but still wish to support the effort being applied, and would like some clarification as to what is and isn't "consistent" at this point... since I sense a decision has been made and, while it's not yet "hard", it's "set."

Thanks,
J. Melvin Jones

|>------------------------------------------------------
|| J. MELVIN JONES jmjonesat_private
|>------------------------------------------------------
|| Microcomputer Systems Consultant
|| Software Developer
|| Web Site Design, Hosting, and Administration
|| Network and Systems Administration
|>------------------------------------------------------
|| http://www.jmjones.com/
|>------------------------------------------------------

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Sat Sep 01 2001 - 15:47:43 PDT