Seth Arnold wrote: >On Fri, Oct 05, 2001 at 06:10:05PM -0700, Crispin Cowan wrote: > >>To refresh everyone's memory, here is the notes from the August LSM BoF >>http://mail.wirex.com/pipermail/linux-security-module/2001-August/001663.html >> > >One further issue that was brought up in the BOF (at least, as reported >by Crispin's notes :) was getting LSM back out, once the patch is >accepted. > >Linus says no conditional compilation. I think we can all agree on this, >particularly with as invasive a patch as we have now. > >Does anyone have ideas for the headers that will enable folks to compile >out LSM if they want, while still being pretty? Are there other examples >(devfs?) that we should model? > There are two conflicting schools of thought on this issue: * conditional compilation is bad: hard to maintain, etc. So just use straight hooks, and make them as efficient as possible. * you can't please everyone, so make LSM config'able. But you can't have both. Most of us in LSM appear to be agnostic on this question, so my plan was to go forward with the straight hooks, and cooperate if the kernel consensus is that it should be config'able and just change it. >And, do we need to have this elvel of readiness before submitting our >patch? > Since we don't actually know what the right answer is, then "no." Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Oct 05 2001 - 19:24:32 PDT