Stephen Smalley wrote: > > On Tue, 30 Oct 2001, Stephen Smalley wrote: > > > Do you actually have a POSIX ACL security module that uses LSM and does > > not require any other kernel patches? > > Sorry, that wasn't clear. That question should be: Do you actually have > a POSIX ACL security module that uses LSM + the authoritative hooks patch > and does not require any other kernel patches? Hell, I doubt you could find a kernel that boots that doesn't require any patches! Seriously, we're talking about a set of works-in-progress: LSM, ACLs, Extended Attributes, XFS, and so on. We could make ACLs work under authoritative LSM without any other patches, but doing so might require some additional hooks. Of course, there's no incentive to do so under the current conditions. Plus, there's always the potential for things like the directory default ACL functionality that LSM might reasonably want to defer to Phase II. So, no, I wouldn't say there would be no other patches required. I would say that does not make a usable LSM worthless. Nor would I say that invalidates the arguement that LSM ought to support this. I would say that even with this, an LSM which does not provide useful service for a facility as important as POSIX ACLs is pretty pointless. -- Casey Schaufler Manager, Trust Technology, SGI caseyat_private voice: 650.933.1634 casey_pat_private Pager: 888.220.0607 _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Oct 30 2001 - 14:00:33 PST