Submitting LSM (Was: Re: OLS Bof info)

From: Stephen Smalley (sdsat_private)
Date: Wed Jul 10 2002 - 11:37:38 PDT

  • Next message: Greg KH: "Re: Submitting LSM (Was: Re: OLS Bof info)"

    Since James has flattened the hooks, it would be good if we could nail
    down exactly what else needs to be done prior to formally submitting LSM
    for consideration to the kernel developers and parcel out tasks.  Any
    timeline on when Greg might start feeding patches to Linus?  Looking
    at Seth's notes from the OLS BOF:
    
    On Thu, 27 Jun 2002, Seth Arnold wrote:
    
    > Q: "Is there still a qwait for p[ending VFS changes?" A: "Al Viro claims
    > to be working on it, not likely this is his highest priority. We could
    > make the changes for him, but it would require making changes to
    > filesystems, which would be a lot of work; since it is Al's subsystem,
    > we need to work with him."
    >
    > q: "If we are waiting on VFS, is it just the VFS piece that needs to
    > wait, or the whole patch?" A: "It is only the VFS pieces that need to
    > wait, but the other pieces are useless in comparison." "The major
    > rearrangements to the VFS subsystem are probably done, but we've been
    > trying to get him to finish it off since December; the extended
    > attributes people have asked him to do add the same functionality."
    
    I'm not clear as to whether we need to continue waiting on the pending VFS
    changes.  The LSM patch and the existing open source security modules
    certainly don't depend on any pending VFS changes (although some of the
    other modules may have dependencies, e.g. SubDomain), so there is no
    benefit to the LSM project to wait on these changes.  If the VFS changes
    aren't a high priority to Al Viro, then is it really critical that we
    wait?
    
    > 2.5 submission:
    >
    > We will need to flatten the security structure; who wants grunt work?
    
    James has done this.
    
    > We will probably need to get the networking hooks configurable.
    
    James pointed out that we can remove the NetFilter IP hooks from LSM and
    simply let the modules register them as necessary.  Is anyone already
    working on a patch for this?  Do we also need to make the non-NetFilter
    IPv4 networking hooks configurable?  What about the skb hooks?  The
    sock_rcv_skb hook?  The socket layer hooks?  Does this need to be done
    prior to initial submission of the LSM patch?
    
    > Chris wants to convert the VFS interface to a stackable filesystem
    > layout. Who knows when he will get to it. This ought to eliminate pre,
    > post, and mediation hooks. (Patrick jokes VVFS.) This functionality
    > would be useful to more people, such as server-based filesystems,
    > compressed filesystems, encrypted filesystems, etc. What might be lost?
    
    This seems to be way outside the scope of LSM.  Surely we aren't planning
    on deferring initial submission of LSM until after this kind of change?
    Wasn't this idea rejected a long time ago due to being out of scope and
    due to concerns with exposing too much kernel functionality to loadable
    kernel modules?
    
    --
    Stephen D. Smalley, NAI Labs
    ssmalleyat_private
    
    
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Wed Jul 10 2002 - 11:39:29 PDT