Re: New stacker performance results

From: Tony Jones (tonyj@private)
Date: Wed May 25 2005 - 17:58:41 PDT


On Wed, May 25, 2005 at 08:10:47PM -0400, James Morris wrote:

> Note: out of tree kernel code does not count for anything.  It's not
> really part of the Linux kernel.  Mainline maintainers don't care about it
> and should not be expected to.  

If I recall correctly, LSM was created precisely because Linus didn't care
about security and didn't want to.  In the context of this I don't understand 
most of the above.

> As for choice, your LSM module is not in the mainline kernel, so only
> users of your particular kernel really get that choice.  Why does LSM then
> need to be in the upstream kernel?  Why not just keep it in yours, to
> support your out of tree security module.  Why impose the burdens and
> limitations of LSM on the upstream kernel.

a) Is LSM as it's currently defined a burden and limitation on the upstream
   kernel? Serious question. I'm curious if it is actually viewed this way. I 
   can see that the interface doesn't let you easily do what you'd like (it 
   doesn't for us either) and that changes you would like expose a potential 
   additional burden and thus get rejected but this isn't the same thing.

b) LSM exists in the kernel to support a variety of modules which _users_ can
   choose to load on their stock 2.6 kernel as they see fit. It is of
   course hard to form any lucid argument once it's been decided that 
   maintainers are the only ones who count.

Thanks

Tony


