On Mon, 5 Nov 2001, Casey Schaufler wrote: > Unless the branch is the official Phase II. We believe that would > address all of the issues We can think of from my side. We expect > it would raise a bunch elsewhere, and that's fair. It sounds like you are asking for a commitment to pursue authoritative hooks in Phase II. That seems premature since we haven't even submitted the current LSM yet. I think it would be confusing to have a Phase II branch before we even have Phase I accepted, and possibly wasteful since Phase I may undergo radical changes prior to acceptance. Certainly we should consider authoritative hooks and "logic out" in subsequent phases of LSM, but I think it would be a mistake to make such a commitment now. On a different but related topic, I wondered whether you really need authoritative hooks for POSIX ACLs. Seems like you can achieve authoritative behavior for file access controls via the existing capable+restrictive scheme, even though this isn't sufficient for all kernel access controls. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Nov 08 2001 - 13:46:37 PST