On Wed, Feb 05, 2003 at 11:47:05AM -0500, Stephen D. Smalley wrote: > a classic kernel object (ctl_table) x operation interface, with the > subject implicitly passed via current, just like permission() for > inodes. A security module can leave the hook unimplemented (no > restrictions beyond DAC), or implement a purely process-based > restriction or implement fine-grained controls to individual sysctls. > Sysctls are already exposed to userspace via sysctl(2) and/or > /proc/sys, so I'm not sure what the concern is there. Nothing > complicated here. The wrong thing here is that you pass in the object itself, not it's ACC-relevant attributes. > > As to your argument about LSM's flexibility, LSM simply followed the > guidance on what would be accepted into 2.5. The original > SELinux/Flask architecture was more tightly integrated and had > well-defined boundaries while still providing substantial flexibility, > but the response to the SELinux presentation was to move towards > something more like LSM. Seems pointless to argue about it now, except > as suggestions for future directions for LSM in 2.7. No it seems not pointless. You add tons of undesigned cruft to 2.5 that will have to be maintained through all of 2.6. unless Linus hopefully pulls the plug soon enough. You still haven't even submitted a single example that actually uses LSM into mainline. Yes, I'm pissed that we get this crap all over the place, making code harder to follow and that without any actual benefit to the mainline tree. Please come up with something better for 2.7 and leave 2.5 alone, this will help anyone. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Feb 05 2003 - 10:38:12 PST