Re: [BK PATCH] LSM changes for 2.5.59

• Previous message: David Wagner: "Re: [BK PATCH] LSM changes for 2.5.59"
• In reply to: 'Christoph Hellwig': "Re: [BK PATCH] LSM changes for 2.5.59"
• Next in thread: Alan Cox: "Re: [BK PATCH] LSM changes for 2.5.59"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

'Christoph Hellwig' wrote:
>Yes.  If we want so support security models more complicated than plain
>UNIX DAC (an especially more than one of those) there's no way around
>moving all access control out of the core kernel.

That's not right (and we have existence proofs that one can
implement other security policies using the current LSM).
There are good reasons for moving all access control out of the
kernel, but let's not overstate them.

>The other point I'm extremly unhappy with
>adding them without adding it's users.

Can you elaborate?  I'd be interested to hear why.  (This is
not a criticism; I'm just trying to understand your objections.)
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Casey Schaufler: "Re: [BK PATCH] LSM changes for 2.5.59"
• Previous message: David Wagner: "Re: [BK PATCH] LSM changes for 2.5.59"
• In reply to: 'Christoph Hellwig': "Re: [BK PATCH] LSM changes for 2.5.59"
• Next in thread: Alan Cox: "Re: [BK PATCH] LSM changes for 2.5.59"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Feb 10 2003 - 08:59:01 PST