Charles Levert (LMC) wrote: >Crispin Cowan wrote: > >>Your question is well taken. We even had a long discussion on the >>question of keeping LSM hooks up to date WRT kernel evolution at the >>first LSM BoF last summer. >> >I was at the BoF at USENIX/Sec last summer, although about one hour >late from attending another presentation. If this is the one, I must >have missed that specific part. > There were two BoF's: USENIX Annual Technical (Boston, June) and USENIX Secuirty (Washington, August). IIRC, the validation discussion was in Boston. >>WRT the "status of modules." Linux has a long-standing policy that >>there is NO guarantee that modules will work across kernel versions. To >>keep your module working between (say) Linux 2.6.17 and 2.6.18, you may >>well have to hack the source to your module as well as re-compile. >> >From your answer, as well as Chris', I deduce that, from a vendor's >perspective, if you want to distribute a given kernel (standard or not), >you must distribute everything else (modules) that corresponds to it. >Makes sense. > I had never thought of it that way, but yes I think that's right: if you distribute non-standard kernels, then you had better distribute custom modules with it. LSM (technology and project) was designed to solve the opposite problem: allowing people with non-standard security toys to distribute modules that will work with standard kernels, e.g. so that SELinux can build a module that "just works" with whatever kernel Red Hat is shipping at the time. Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Apr 08 2002 - 14:53:33 PDT