On Thu, Jul 11, 2002 at 08:30:39AM -0400, Stephen Smalley wrote: > > On Wed, 10 Jul 2002, Greg KH wrote: > > > I'd be glad to start feeding them, but want to see the following done > > first: > > - split out the "non LSM" patches from the tree and send those > > first. > > Ok. Do you want/need help in splitting out these patches, or are you > and/or Chris already working on this task? I had the impression that Chris was going to do this, I'm currently not. So yes, any help would be appreciated. If someone wants to send me these patches, I'll add them to a bk tree to send to Linus. > > - either remove, or provide a config option to remove the > > network hooks. Robert Love gave me the idea of how to make > > them configurable that I'd be glad to do if someone wants me > > to. Actually, I could make all the hooks configurable if we > > want to (header file judo is fun :) > > I don't think we want to make all the hooks configurable unless we are > specifically told to do so by the kernel developers, as that seems > contrary to Linus' original guidance. I'd suggest only making the network > hooks configurable initially, and only the most sensitive ones (e.g. > possibly the IPv4 networking hooks and the sk_buff hooks, but probably not > the socket layer hooks). But Chris and James seem to think that we should > wait on even making these hooks configurable until after the networking > maintainers ask for such changes, and that makes sense to me as well. Is > that ok with you? I think we should initially not submit the network stuff at all. Then, after the main lsm patch is in, add the network stuff as a separate configuration option. I figure all the main battles will have taken place by then, so we can just focus on the network issues. Sound good? thanks, greg k-h _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Jul 11 2002 - 10:47:22 PDT