Re: New stacker performance results

From: Crispin Cowan (crispin@private)
Date: Wed May 25 2005 - 11:56:18 PDT

James Morris wrote:
>Given that nobody has come up with an upstream alternative to SELinux 
>since the merging of LSM, this should certainly be considered.
>In fact, there has recently been some discussion about removing LSM
>completely and just using SELinux directly.
A major design goal of LSM was that Linus does not have to choose which
security model to use, and does not have to maintain it. The lack of
modules *in Linus' tree* would seem to be evidence that this is working :)

As a supplier of a different security module than SELinux, I naturally
vehemently object to the suggestion of "just remove LSM and use SELinux
instead." That would be a huge step backwards. Linux is all about
choice, and LSM effectively provides for that choice. Sparing you all
the marketing hype, Immunix offers substantial advantages over SELinux
in many contexts, and LSM lets users make that choice.

Crispin Cowan, Ph.D.            
Director of Software Engineering, Novell

This archive was generated by hypermail 2.1.3 : Wed May 25 2005 - 11:57:23 PDT