Re: [BK PATCH] LSM changes for 2.5.59

• Previous message: Makan Pourzandi (LMC): "RE: [BK PATCH] LSM changes for 2.5.59"
• In reply to: Makan Pourzandi (LMC): "RE: [BK PATCH] LSM changes for 2.5.59"
• Next in thread: 'Christoph Hellwig': "Re: [BK PATCH] LSM changes for 2.5.59"
• Reply: 'Christoph Hellwig': "Re: [BK PATCH] LSM changes for 2.5.59"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"Makan Pourzandi (LMC)" a écrit :

> > > > I'm very serious about submitting a patch to Linus to
> > remove all hooks not
> > > > used by any intree module once 2.6.0-test.
> > >
> > > Any idea on how much time that gives us (to rework SELinux
> > and submit
> > > it)?
> >
>
> Further more, I believe that LSM encourages the developers in the community to take initiatives related to security in Linux. This way, it helps developing different security approaches. This at the end, even if we choose to go with only one approach and drop others,  will help the diversity of existing solutions and the possibility of choosing among a set of solutions (hopefully the best one will be chosen). IMHO, to let people be able to come up with different security approaches, we have
> to let LSM be part of the kernel in order to encourage people to
> develop their approach.
>
> That was my 2 cents.
>
> Regards,
> Makan Pourzandi

Hi,
I'm the leader of a project, developping a sandbox (processes confinement environment) for Linux based on LSM.
Our approach is dedicated for peer-to-peer global computing environments. I totally agree with Makan about the
diversity of developpement : we dont have the same goals than SELinux. The LSM project followed two phases :
in a first one, everybody was thinking about what could be good to integrate in LSM and now (the second phase),
a few people think about what they can remove because they dont use it. We need a flexible and reasonably complete
framework to implement solutions. I recall that it was the original request from Linus : a generic framework to decide
which kind of security solutions are the best. If LSM fits only one or two policy requirements, the choice does not
exist. For finishing : PLEASE, stop reducing LSM possibilities : it cost a lot to develop things for a hook and then
redevelopping it for a classical syscall interposition.
bests
Frédéric Magniette (University of Orsay/CNRS)

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: 'Christoph Hellwig': "Re: [BK PATCH] LSM changes for 2.5.59"
• Previous message: Makan Pourzandi (LMC): "RE: [BK PATCH] LSM changes for 2.5.59"
• In reply to: Makan Pourzandi (LMC): "RE: [BK PATCH] LSM changes for 2.5.59"
• Next in thread: 'Christoph Hellwig': "Re: [BK PATCH] LSM changes for 2.5.59"
• Reply: 'Christoph Hellwig': "Re: [BK PATCH] LSM changes for 2.5.59"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Feb 12 2003 - 10:35:16 PST