On Tue, Dec 24, 2002 at 12:22:21PM -0800, Crispin Cowan wrote:
> David Wheeler wrote:
>
> >However, before doing so, I want to hear any comments.
> >If people often want to mix in the capability module with another
> >secondary module when they have a single child,
>
> Single child; hmmm. Does that mean "stacker + one functional module"? Or
> "stacker + capabilities + one other module"? I expect the common cases
> to be:
>
>    1. capabilities only: oblivious users who don't do anything to
>       enhance kernel security, and just load up the defaults.

Hm, tell us how you really feel about "oblivious users" :)

>    2. capabilities + OWLSM: nearly oblivious users who want to just add
>       the "zero management" security of OWLSM.

owlsm already merges both functionality together today in one module, no
"stacking" needed.

>    3. capabilities + OWLSM + MAC: where "MAC" is one of SELinux, LIDS,
>       DTE, or SubDomain, etc. Users taking active steps to enhance
>       security with MAC.

And playing with fire. Who's going to ever agree to say that their
module will work just fine stacking with an unknown list of other
modules. And who would really want that speed hit on their machine :)

> WireX will probably go with #3 or #4, plus some additional modules of
> our own. Get your own magic 8 ball to predict the order of popularity :-)

I wish your benchmarks well...

thanks,

greg k-h
This archive was generated by hypermail 2b30 : Thu Dec 26 2002 - 16:47:16 PST