On Wed, 5 Feb 2003 23:30, Christoph Hellwig wrote: > The main point is that LSM in the current shape, with every single policy > detail left to the modules (compare that say to the linux filesystem code > where we have lots of very different filesystems and still have as much as > possible policy decision in the core code, this is one of the really strong > points of Linux!) is a very bad idea and I _really_ don't want to see > it in the next major stable release. My understanding is that LSM was created at the request of Linus because there were several groups of people who had different patches for security policy in "core code". Linus apparently didn't like that idea and requested a framework so that Linux would not be tied to one particular security model. Someone please correct me if my understanding of LSM history is incorrect. Now as for the issue of code to use the hooks, SE Linux uses almost all the hooks and I'm sure that Steve can send in the appropriate patch at any time... -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Feb 05 2003 - 14:41:18 PST