David S. Miller wrote: >If you had implemented a clean interface for the VFS >bits, you could do the LSM stuff with zero overhead. I guess I don't understand the VFS objection. LSM is about more than access control for filesystems; it's about access control for all resources. Even if you replace all filesystem mediation in LSM with some VFS solution, that doesn't do anything for all the non-filesystem resources: they'd still incur non-zero, but small, overhead, just as they do today. Were you already aware of this? _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Oct 18 2002 - 02:31:25 PDT