Re: [BK PATCH] LSM changes for 2.5.59

From: Russell Coker (russellat_private)
Date: Wed Feb 05 2003 - 14:39:46 PST

  • Next message: Christoph Hellwig: "Re: [BK PATCH] LSM changes for 2.5.59"

    On Wed, 5 Feb 2003 23:30, Christoph Hellwig wrote:
    > The main point is that LSM in the current shape, with every single policy
    > detail left to the modules (compare that say to the linux filesystem code
    > where we have lots of very different filesystems and still have as much as
    > possible policy decision in the core code, this is one of the really strong
    > points of Linux!) is a very bad idea and I _really_ don't want to see
    > it in the next major stable release.
    
    My understanding is that LSM was created at the request of Linus because there 
    were several groups of people who had different patches for security policy 
    in "core code".  Linus apparently didn't like that idea and requested a 
    framework so that Linux would not be tied to one particular security model.  
    Someone please correct me if my understanding of LSM history is incorrect.
    
    Now as for the issue of code to use the hooks, SE Linux uses almost all the 
    hooks and I'm sure that Steve can send in the appropriate patch at any 
    time...
    
    -- 
    http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
    http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
    http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
    http://www.coker.com.au/~russell/  My home page
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Wed Feb 05 2003 - 14:41:18 PST