On Mon, 8 Oct 2001, Stephen Smalley wrote:

>
> On Fri, 5 Oct 2001, Chris Wright wrote:
>
> > i think, once we reach a stable snapshot, we'll need to break the patch
> > apart and present it to subsystem maintainers for comments. for
> > example, i'd like to create a LSM VFS patch and propose it to the
> > linux-fsdevel list. i don't believe we can present the entire LSM patch
> > and expect any useful responses.
>
> Are you sure that this is necessary? The SubmittingPatches document says
> to separate each logical change into its own patch. LSM is a single
> logical change, i.e. the addition of security hooks to the kernel,
> although it spans many different kernel subsystems. Also, since LSM was
> created specifically in response to Linus' remarks at the 2.5 kernel
> summit about what he would be willing to consider for inclusion in the
> mainstream Linux kernel, wouldn't it be better to send the entire patch to
> him and to lkml for initial consideration?

You know, I have to agree with Mr. Smalley. This patch exhibits significant effort to "reduce" it to make it as small as possible without sacrificing functionality. Along the way, there have been "you can do that with THIS part, so we don't need THAT thing" discussions.

If you divide it any way at all, I think you will be opening the "what if" cases for a number of access-restriction questions. If you CAN break off part of it and it doesn't do that... LSM needs to reduce farther to meet that objective.

Perhaps it would be more useful to discuss the division you have in mind... what functional divisions do you believe could stand on their own against the "light of scrutiny"? Or, rather, what are the "subsystems" of the LSM patches that you envision addressing?

It's ALL access-restriction, the only conceivable divisions are based on "access to what?" I am very much in disbelief that you can separate access-to-files from access-to-sockets (for example) and still have an effectively restrictive policy.

Seriously, this is a tight patch,
J. Melvin Jones

>
> --
> Stephen D. Smalley, NAI Labs
> ssmalleyat_private
>
> _______________________________________________
> linux-security-module mailing list
> linux-security-moduleat_private
> http://mail.wirex.com/mailman/listinfo/linux-security-module
>

|>------------------------------------------------------
||  J. MELVIN JONES            jmjonesat_private
|>------------------------------------------------------
||  Microcomputer Systems Consultant
||  Software Developer
||  Web Site Design, Hosting, and Administration
||  Network and Systems Administration
|>------------------------------------------------------
||  http://www.jmjones.com/
|>------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon Oct 08 2001 - 12:52:00 PDT