James Morris wrote: >Given that nobody has come up with an upstream alternative to SELinux >since the merging of LSM, this should certainly be considered. > >In fact, there has recently been some discussion about removing LSM >completely and just using SELinux directly. > A major design goal of LSM was that Linus does not have to choose which security model to use, and does not have to maintain it. The lack of modules *in Linus' tree* would seem to be evidence that this is working :) As a supplier of a different security module than SELinux, I naturally vehemently object to the suggestion of "just remove LSM and use SELinux instead." That would be a huge step backwards. Linux is all about choice, and LSM effectively provides for that choice. Sparing you all the marketing hype, Immunix offers substantial advantages over SELinux in many contexts, and LSM lets users make that choice. Crispin -- Crispin Cowan, Ph.D. http://immunix.com/~crispin/ Director of Software Engineering, Novell http://novell.com
This archive was generated by hypermail 2.1.3 : Wed May 25 2005 - 11:57:23 PDT