On Tue, 30 Oct 2001, Casey Schaufler wrote: > Seriously, we're talking about a set of works-in-progress: > LSM, ACLs, Extended Attributes, XFS, and so on. We could make > ACLs work under authoritative LSM without any other patches, > but doing so might require some additional hooks. Of course, > there's no incentive to do so under the current conditions. Ok, but I'm still not clear on whether the POSIX ACLs security module that you suggested as an open source example has already been developed and can be released at any time once approved, or if it has yet to be developed. More generally, do you have any existing security modules that need the authoritative hooks that you are willing to open source as motivating examples? If not, any idea on how long until you could have such a module developed? Assume for a moment that other kernel patches (like extended attributes) aren't an issue. With regard to POSIX ACLs, is your module (or your intended future module) a port of the existing POSIX ACLs kernel patch available at http://acl.bestbits.at to a LSM security module, or is it something independently developed by SGI? Just wondering whether we can glean any useful insights into what this module would look like by examining the existing open source POSIX ACLs kernel patch. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Oct 31 2001 - 07:00:48 PST