* Serge E. Hallyn (serue@private) wrote: > Quoting Chris Wright (chrisw@private): > > * serue@private (serue@private) wrote: > > > Quoting Chris Wright (chrisw@private): > > > > The primary purpose of the hooks is access control. Some of them, of > > > > course, are helpers to keep labels coherent. IIRC, James objected > > > > because the measurement data was simply collected from these hooks. > > > > > > Ok, so to be clear, any module which does not directly impose some form > > > of access control is not eligible for an LSM? > > > > That's exactly the intention, yes. > > Ok, thanks. > > I thought it was intended to be more general than that - in fact I > specifically thought it was not intended to be purely for single machine > authentication decisions within a single kernel module, but that anything > which would aid in enabling new security features, locally or remotely, > would be game. (Which - it means nothing - but I would clearly have > preferred :) The problem with being more general is it becomes a more attractive target for abuse. thanks, -chris
This archive was generated by hypermail 2.1.3 : Wed Jun 15 2005 - 15:53:16 PDT