Christoph Hellwig wrote: >On Thu, Oct 17, 2002 at 01:10:31PM -0700, Greg KH wrote: > > >>>>How would they be done differently now? Multiple different syscalls? >>>> >>>> >>>Yes. >>> >>> >>Hm, in looking at the SELinux documentation, here's a list of the >>syscalls they need: >> http://www.nsa.gov/selinux/docs2.html >> >>That's a lot of syscalls :) >> >> >I know. but hiding them doesn't make them any better.. > Actuall, yes it does, and that is the point. You don't have to like SELinux's system calls, or any other module's syscalls. The whole point of LSM was to decouple security design from the Linux kernel development. There are a butt-load of different access control models, and many of them are not compatible with one another. You wouldn't want to support them all--that would be serious bloat. So instead, LSM lets each user choose the model that suits them: * server users can choose a highly secure model * workstation users can choose something desktop oriented * embedded people can choose nothing at all, or the specific narrow-cast model that they need On the other hand: what is the big cost here? One system call. Isn't that actually *lower* overhead than the (say) half dozen security-oriented syscalls we might convince you to accept if we drop the sys_security syscall as you suggest? Why the fierce desire to remove something so cheap? Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX http://wirex.com/~crispin/ Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html
This archive was generated by hypermail 2b30 : Fri Oct 18 2002 - 00:05:32 PDT