Re: [BK PATCH] LSM changes for 2.5.59

From: magniett (Frederic.Magnietteat_private)
Date: Wed Feb 12 2003 - 11:11:09 PST


    "Makan Pourzandi (LMC)" wrote:
    > > > > I'm very serious about submitting a patch to Linus to remove all hooks not
    > > > > used by any intree module once 2.6.0-test.
    > > >
    > > > Any idea on how much time that gives us (to rework SELinux and submit
    > > > it)?
    > >
    > Furthermore, I believe that LSM encourages the developers in the community to take initiatives related to security in Linux. This way, it helps develop different security approaches. This, in the end, even if we choose to go with only one approach and drop others, will help the diversity of existing solutions and the possibility of choosing among a set of solutions (hopefully the best one will be chosen). IMHO, to let people be able to come up with different security approaches, we have
    > to let LSM be part of the kernel in order to encourage people to
    > develop their approach.
    > That was my 2 cents.
    > Regards,
    > Makan Pourzandi
    I'm the leader of a project developing a sandbox (process confinement environment) for Linux based on LSM.
    Our approach is dedicated to peer-to-peer global computing environments. I totally agree with Makan about the
    diversity of development: we don't have the same goals as SELinux. The LSM project followed two phases:
    in the first one, everybody was thinking about what could be good to integrate in LSM, and now (the second phase),
    a few people think about what they can remove because they don't use it. We need a flexible and reasonably complete
    framework to implement solutions. I recall that it was the original request from Linus: a generic framework to decide
    which kinds of security solutions are the best. If LSM fits only one or two policy requirements, the choice does not
    exist. To finish: PLEASE, stop reducing LSM possibilities: it costs a lot to develop things for a hook and then
    redevelop them for a classical syscall interposition.
    Frédéric Magniette (University of Orsay/CNRS)
    linux-security-module mailing list
