Re: Clarifications of LSM API

From: Tomas Olsson (tol@private)
Date: Wed Jun 30 2004 - 02:32:53 PDT

  • Next message: Crispin Cowan: "Re: Clarifications of LSM API"

    Crispin Cowan <crispin@private> writes:
    
    > So LSM does not so much "use" stacking as punt the issue to the
    > modules so that module implementers can choose their favorite form of
    > security policy composition.
    >
    A sound and simple policy. Too bad the way distros work today means that my
    module doesn't work on all default kernels. Even without SELinux.
    
    Of course, all is well for those of us who compile our own kernels. Most
    organisations don't. The distros rule the world, and to some degree, Linus'
    tree rules the distros.
    
    I do see the inherent problems, I'm just sorry that the framework cannot be
    as generally usable as it appeared to me yesterday. It is a great concept. 
    
    > Please subscribe if you want to discuss LSM :)
    > 
    You do have a point there... This discussion sure has been interesting.
    
    /Tomas
    



    This archive was generated by hypermail 2b30 : Wed Jun 30 2004 - 05:40:28 PDT