Re: MARC: msg 'Re: [PATCH] remove sys_security'

From: David Wagner (dawat_private)
Date: Fri Oct 18 2002 - 02:12:54 PDT

  • Next message: Crispin Cowan: "Re: [PATCH] remove sys_security"

    David S. Miller wrote:
    >If you had implemented a clean interface for the VFS
    >bits, you could do the LSM stuff with zero overhead.
    I guess I don't understand the VFS objection.  LSM is about
    more than access control for filesystems; it's about access control
    for all resources.  Even if you replace all filesystem mediation in
    LSM with some VFS solution, that doesn't do anything for all the
    non-filesystem resources: they'd still incur non-zero, but small,
    overhead, just as they do today.  Were you already aware of this?
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Fri Oct 18 2002 - 02:31:25 PDT