'Christoph Hellwig' wrote: >On Sun, Feb 09, 2003 at 07:40:17PM -0800, Crispin Cowan wrote: > > >>[move security logic out to a module] It has many nice properties, but is much more invasive to the >>kernel. I think it is a very interesting idea for 2.7, and should be >>floated past the maintainers who will be impacted to see if it has a >>hope in hell. >> >> >*nod* and until we get that gets implemented we should remove the current >mess.. > Am I parsing this correctly, that we actually agree on something? :-) I.e. that the idea of moving all the security logic to a module has merit. Naturally, I disagree that we should remove the current LSM. The current version was designed to be what Linus asked for. Many LSM people like the idea of moving all the security logic out to a module, as it makes the interface much cleaner. But it is also waaay beyond the scope of what Linus asked for. It involves re-factoring so much code that we did not think it could be done correctly on the first try, never mind trying to get many code maintainers to accept much larger patches. Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX http://wirex.com/~crispin/ Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html Just say ".Nyet"
This archive was generated by hypermail 2b30 : Mon Feb 10 2003 - 00:33:59 PST