Re: Last question on rm -f unused_hooks*

• Previous message: Demetrios Lambrou: "Last question on rm -f unused_hooks*"
• In reply to: Demetrios Lambrou: "Last question on rm -f unused_hooks*"
• Next in thread: Demetrios Lambrou: "Re: Last question on rm -f unused_hooks*"
• Reply: Demetrios Lambrou: "Re: Last question on rm -f unused_hooks*"
• Reply: Crispin Cowan: "Re: Last question on rm -f unused_hooks*"
• Reply: Mike Wray: "Re: Last question on rm -f unused_hooks*"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Oct 01, 2002 at 06:09:47AM -0400, Demetrios Lambrou wrote:
> 
> So you are saying that frequent changes to the base kernel (once LSM becomes
> part of the mainstream kernel) are ok and that Linus would be happy to have 
> new hooks added ,whenever there is a person that has a new LSM idea.

I do not speak for Linus, so I do not know.

> But he is not happy with the idea that there would be some hooks that
> are not used at the time of the merge. Maybe the LSM people should
> give it some more time before cutting out hooks.

I am not happy with the idea that there would be hooks in the kernel
that are not being used.  That's not the Linux way.  If the code isn't
being used, it's removed.  I do not expect to ask anyone to try to
maintain the presence of a hook that is not being used.

And personally, I will not ask Linus to accept a patch for a hook that
is not being used.  If you have a problem with my decision about this,
and think you can make a convincing argument to the upstream maintainer
of the specific piece of code where that hook lives, by all means,
please do.

> Why dont you keep it simple and stick to the original LSM design?

That sounds simple to me.  And what design rules am I breaking with this
statement?

> If you really think that some hooks should not be there, publish a new
> paper called the "New LSM framework" and then change the framework.

Hm, a bit touchy aren't we?  :)

Seriously, we are still mediating access to kernel objects, just like
the original design.  I don't see how getting rid of the module_* hooks
means we have a "whole brand new LSM framework" to deal with.

> The original paper is getting a bit out of date now. The framework is
> drifting slowly from truly generic to 5 or so existing LSMs specific.

Patches gladly accepted.  As all we have to work with is 5 or so
existing chunks of code that actually _use_ this framework, I don't know
what else we can use.

If you have a LSM module that needs one of the hooks that we are
proposing removing, speak up!

thanks,

greg k-h
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Christoph Hellwig: "Re: [RFC] LSM changes for 2.5.38"
• Previous message: Demetrios Lambrou: "Last question on rm -f unused_hooks*"
• In reply to: Demetrios Lambrou: "Last question on rm -f unused_hooks*"
• Next in thread: Demetrios Lambrou: "Re: Last question on rm -f unused_hooks*"
• Reply: Demetrios Lambrou: "Re: Last question on rm -f unused_hooks*"
• Reply: Crispin Cowan: "Re: Last question on rm -f unused_hooks*"
• Reply: Mike Wray: "Re: Last question on rm -f unused_hooks*"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Oct 01 2002 - 09:41:42 PDT