On Wed, May 25, 2005 at 08:10:47PM -0400, James Morris wrote: > Note: out of tree kernel code does not count for anything. It's not > really part of the Linux kernel. Mainline maintainers don't care about it > and should not be expected to. If I recall correctly LSM was created precisely because Linus didn't care about security and didn't want to. In the context of this I don't understand most of the above. > As for choice, your LSM module is not in the mainline kernel, so only > users of your particular kernel really get that choice. Why does LSM then > need to be in the upstream kernel? Why not just keep it in yours, to > support your out of tree security module. Why impose the burdens and > limitations of LSM on the upstream kernel. a) Is LSM as it's currently defined a burden and limitation on the upstream kernel? Serious question. I'm curious if it is actually viewed this way. I can see that the interface doesn't let you easily do what you'd like (it doesn't for us either) and that changes you would like expose a potential additional burden and thus get rejected but this isn't the same thing. b) LSM exists in the kernel to support a variety of modules which _users_ can choose to load on their stock 2.6 kernel as they see fit. It is of course hard to form any lucid argument once it's been decided that maintainers are the only ones who count. Thanks Tony
This archive was generated by hypermail 2.1.3 : Wed May 25 2005 - 18:14:47 PDT