On Thu, 2005-06-30 at 12:47 -0700, Casey Schaufler wrote:
>
> >- most LSMs remaining out of tree,
>
> That's hardly surprising given that
> the first response to a proposed
> introduction is always "Well, you
> can do that with SELinux, so it
> shouldn't go in".

Can you point to a specific response that said that? I don't recall seeing a LSM rejected by mainline for that reason. I have seen rejections due to:
- LSMs that were ad-hoc hacks rather than general mechanisms,
- Modules that weren't within the scope of LSM at all, but were just trying to use its hooks because the syscall table is no longer exported,
- LSMs that lacked any real users.

But not because you could already do the same thing via SELinux.

> The truth is that security needs change
> and today's hit solution (SELinux) will
> go the way of yesterday's (Trusted
> Solaris/Irix/HPUX) and the ones before
> that. I would hate to see Linux become
> yet another fossil in the slate beds
> of system security because it
> overcommitted to a particular
> security fad.

This seems to miss the point that SELinux is already upstream, open source, and community-based. So SELinux is quite capable of changing (and being changed) in response to evolving requirements, without any encumbrances.

--
Stephen Smalley
National Security Agency

This archive was generated by hypermail 2.1.3 : Thu Jun 30 2005 - 13:14:48 PDT