Re: [RFC] LSM changes for 2.5.38

From: Antony Stone (Antony@Soft-Solutions.co.uk)
Date: Fri Sep 27 2002 - 09:48:11 PDT

  • Next message: Christoph Hellwig: "Re: [RFC] LSM changes for 2.5.38"

    On Friday 27 September 2002 5:34 pm, Greg KH wrote:
    
    > On Fri, Sep 27, 2002 at 08:09:50AM -0400, Stephen Smalley wrote:
    > > > Also is there a _real_ need to pass in all the arguments?
    > >
    > > Define _real_.  It is true that none of the existing open source security
    > > modules presently use this particular hook.  SELinux doesn't presently
    > > use it, but it seems reasonable to support finer-grained control over
    > > ioperm() than the all-or-nothing CAP_SYS_RAWIO.  Is the criteria that
    > > every hook and every parameter to every hook must be used by an existing
    > > open source security module?  If so, then yes, this hook can be dropped.
    >
    > Yes, I think that is the criteria for any security hook.  So it (and
    > others) should be dropped.
    
    Why do you want to stop any new open source projects from having access to 
    these hooks, just because they are not being used by current projects ?
    
    It seems like saying a couple of years ago "no-one's using these USB 
    functions, so we're going to get rid of them", simply because not enough 
    people had bought USB stuff to play with yet.
    
    I think you run the risk of seriously restricting the wider take-up of LSM if 
    you remove parts of it without a good reason (such as conflicts with 
    something else which is deemed more important, or a significant change to the 
    overall architecture).
    
    Antony.
    
    -- 
    
    Abandon hope, all ye who enter here.
    You'll feel much better about things once you do.
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Fri Sep 27 2002 - 09:49:27 PDT