Re: New stacker performance results

From: Crispin Cowan (crispin@private)
Date: Wed May 25 2005 - 18:23:31 PDT


James Morris wrote:
>He wanted to avoid deciding on the "correct" access control model:
>http://mail.wirex.com/pipermail/linux-security-module/2001-April/0005.html
>  
Indeed, choosing the "correct" module is very difficult, and may be
impossible, as different settings have different requirements.

>(I would argue that his "truly generic" requirement was fulfilled by 
>SELinux).
>  
I argue that it definitely does not have such generality. A trivial
proof of that is that some setting may require a solution that is much
smaller (time, space, etc.) and thus SELinux would fail to qualify
precisely because of its generality.

LSM, in contrast, is at a lower level, and so can provide full
generality without bloat because it pushes the complexity to the module,
letting the user choose how much complexity they want to buy into.

>>I had *assumed* that the Linux kernel community was not interested in
>>maintaining and bugfixing my module, and so I deliberately avoided
>>submitting it as a courtesy.
>>    
>That's a common misperception.  By getting code included upstream, the 
>kernel developers are taking some responsibility for your code.  If they 
>change something which affects your code, they'll then usually update 
>your code at the same time.  More people will use it.  You'll get more bug 
>reports and patches.
>  
Ok. Sorry I misunderstood.

>>I similarly do not submit my applications for mainline inclusion just
>>because they use some Linux syscalls.
>>    
>Please also refrain from submitting your keyboard and mouse, thanks.
>  
:)

>>However, if mainstream kernel inclusion is required to "count" as a
>>user, then I'm happy to do that. The module code is GPL anyway, and
>>we'll start looking at what it will take to push it to mainstream. This
>>seems like a weird requirement to me, but if it is what's required, I
>>don't have a problem with it.
>>    
>Great.
>  
If that's what it takes to put this to rest, I'll concentrate on pushing
the code to mainstream instead of bitching about the limitations of SELinux.

Crispin
-- 
Crispin Cowan, Ph.D.                      http://immunix.com/~crispin/
Director of Software Engineering, Novell  http://novell.com


