Re: quotactl hook

From: Greg KH (gregat_private)
Date: Sat Sep 01 2001 - 15:53:50 PDT

    On Sat, Sep 01, 2001 at 06:46:36PM -0400, jmjonesat_private wrote:
    > I don't have any specific response to this assertion, but, respectfully,
    > ask for someone (even Greg ;)) to clarify "the direction LSM is heading",
    > hopefully with regard to:
    
    My opinions:
    
    > 1) authoritative hooks: YES, NO, CONDITIONAL (how?)
    
    No.  I've already talked about why I feel this way.  Please see the
    archives.
    
    > 2) DAC bypass (as an option), YES, NO, CONDITIONAL (how?)
    
    Do you mean the MAC before DAC discussion?
    Personally I don't care.  But I like the current DAC before MAC
    implementation that LSM seems to follow.
    
    > 3) Support for loadable modules NOT compiled into the kernel (I've 
    >    seen some "not an issue because we're suggesting compiling in" 
    >    discussions that have short-circuited (perhaps not intentionally)
    >    issues that may be relevant to allowing a module to slide into 
    >    a system that has run for a while before the module is loaded.
    > 
    >    YES, NO, CONDITIONAL (how?)
    
    Yes.  This support is there right now.  You just have to get the logic
    correct in your module, being able to handle the tasks and other objects
    that were created before your module was loaded.
    
    And if you want to recommend that your module be compiled into the
    kernel (like SELinux does) that's your option.
    
    > I'm dealing with developers in my project that insist that it may be
    > necessary for us to "branch", and create a patch that removes LSM and
    > reapplies a specific patch to the kernel to address our functionality.
    > I'd rather not go that direction, but a few things that may be necessary
    > are probably going to need a "plus-patch", and some other things that are
    > admittedly possible, but require significant "manipulation" with the
    > current patch may be better done with "plus-patches."
    
    A branch of a patch, and I thought I had heard of everything :)
    Fine, all the LSM work is open source, and if it doesn't meet your needs
    in certain ways, feel free to change it for your own usages.  Just
    respect the current license and everyone will be happy.
    
    Did this help?
    
    thanks,
    
    greg k-h
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    


