Quoting Chris Wright (chrisw@private): > * serue@private (serue@private) wrote: > > Quoting Chris Wright (chrisw@private): > > > The primary purpose of the hooks is access control. Some of them, of > > > course, are helpers to keep labels coherent. IIRC, James objected > > > because the measurement data was simply collected from these hooks. > > > > Ok, so to be clear, any module which does not directly impose some form > > of access control is not eligible for an LSM? > > That's exactly the intention, yes. Ok, thanks. I thought it was intended to be more general than that - in fact I specifically thought it was not intended to be purely for single machine authentication decisions within a single kernel module, but that anything which would aid in enabling new security features, locally or remotely, would be game. (Which - it means nothing - but I would clearly have preferred :) Thanks for setting me straight. -serge
This archive was generated by hypermail 2.1.3 : Wed Jun 15 2005 - 15:43:10 PDT