On Mon, Feb 10, 2003 at 12:33:12AM -0800, Crispin Cowan wrote: > Am I parsing this correctly, that we actually agree on something? :-) > I.e. that the idea of moving all the security logic to a module has merit. Yes. If we want so support security models more complicated than plain UNIX DAC (an especially more than one of those) there's no way around moving all access control out of the core kernel. > Naturally, I disagree that we should remove the current LSM. The current > version was designed to be what Linus asked for. Many LSM people like > the idea of moving all the security logic out to a module, as it makes > the interface much cleaner. But it is also waaay beyond the scope of > what Linus asked for. It involves re-factoring so much code that we did > not think it could be done correctly on the first try, never mind trying > to get many code maintainers to accept much larger patches. Well, usually adding changes to the core kernel in a proper way needs major refactoring of code - the approach of adding a small, "non-invasive" hack here and there leads to the typical mess seen in commercial operating systems, and in Linux we've avoided that mostly so far. As far keeping the current LSM hooks: I'm very unhappy with the design of the, that's one point. The other point I'm extremly unhappy with adding them without adding it's users. I'll shut up and be quite until 2.7 opens if you get a meaningfull LSM module merged that actually uses those hooks. If you don't get one in by 2.6-test I will send patches to remove those unused hooks. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Feb 10 2003 - 00:39:45 PST