On Wed, 7 Nov 2001, Chris Wright wrote: > > Forgive my ignorance: is "properly" within LSM context or based on the > > kernel if LSM is not included? Might not LSM-prior solutions rely on this > > export? > > properly meaning using the current stacking interface (mod_[un]reg_security). > and yes some solutions may be using the older way. that's _exactly_ why > i'm asking. consider yourself forewarned that it will go away ;-) > > -chris > This is good evidence that decisions are made prior to discussion on this list. Actually, I don't need this export, so I'm not going to pursue it. I actually am thinking "if we block off this, we are blocking off prior solutions, because that is an anti-LSM solution." Is there ANY reason to remove this export, other than it forces LSM modules? Since the "stated" thinking has been "preserve the current, advocate more restrictive", this should be considered a pre-existing security "feature", IMHO. Leave it, until somebody can show it's an access-restriction risk. Chris: why do you want to remove this export? Sincerely, J. Melvin Jones |>------------------------------------------------------ || J. MELVIN JONES jmjonesat_private |>------------------------------------------------------ || Microcomputer Systems Consultant || Software Developer || Web Site Design, Hosting, and Administration || Network and Systems Administration |>------------------------------------------------------ || http://www.jmjones.com/ |>------------------------------------------------------ _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Nov 07 2001 - 15:49:40 PST