'Christoph Hellwig' wrote:

>[argg, any chance you two could get RFC-compliant mailers?]
>
>On Wed, Feb 12, 2003 at 07:11:09PM +0000, magniett wrote:
>
>>exist. For finishing : PLEASE, stop reducing LSM possibilities : it costs a lot to develop things for a hook and then
>>redeveloping it for a classical syscall interposition.
>>
>There's no one taking away the LSM patches. Anyway life would be a lot
>simpler if you actually announced the stuff you do on lkml instead of hiding
>behind the moon. The only chance hook you need will stay is that you
>discuss them publicly here.
>

For the second time in a week, I agree with HCH: If you are developing an LSM module, then by all means please make it publicly known. Whether we host your source or not, we want to at least link to your site from http://lsm.immunix.org/lsm_modules.html

WRT "taking away LSM patches": HCH wants to remove hooks that "no one uses" and also complains about LSM being a big ugly undesigned hack lacking abstraction. LSM does have an abstract design: it mediates access to major internal kernel objects (processes, inodes, etc.) by user-space processes, throwing access requests out to the LSM module. If you remove some of these hooks because they don't have a *present* module using them, then you break the abstraction.

People tell me that preserving functionality for the sake of abstraction is "not the Linux way". Ok, sure, but you degrade the quality of abstraction if you aggressively prune the interface.

But it would be much better to short-circuit that debate, and have extant modules that use the hooks than to try to defend them on the basis of abstraction. So if your sekrit module uses a hook, post here, or your hook may go away.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX http://wirex.com/~crispin/
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
Just say ".Nyet"
This archive was generated by hypermail 2b30 : Wed Feb 12 2003 - 14:23:02 PST