--- Stephen Smalley <sds@private> wrote:

> Can you point to a specific response that said that?

Sorry, I'm not going to play that game.

> I don't recall seeing a LSM rejected by mainline for that reason.
> I have seen rejections due to:
> - LSMs that were ad-hoc hacks rather than general mechanisms,

One man's "ad-hoc hack" is another man's "clever solution".
... and, because we have a general mechanism in SELinux, there's no need to try to justify it as such, because we don't need another general mechanism.

> - Modules that weren't within the scope of LSM at all, but were just
> trying to use its hooks because the syscall table is no longer exported,
> - LSMs that lacked any real users.

You're putting a chicken/egg limit in with that one.

> This seems to miss the point that SELinux is already upstream, open
> source, and community-based. So SELinux is quite capable of changing
> (and being changed) in response to evolving requirements, without any
> encumbrances.

Sure, and MULTICS was capable of evolution, and Trusted Solaris is still hanging around. It does not matter that it is upstream, open source, and community based. These are all good things. What matters is that some day it will fall from favor. The world will not end. If Linux is too tightly tied to SELinux and domain controls then Linux will suffer when the Next Big Thing in Security comes along that will be bad for Linux. A robust and widely used LSM will ease the transition when it occurs.

Casey Schaufler
casey@schaufler-ca.com
This archive was generated by hypermail 2.1.3 : Thu Jun 30 2005 - 13:57:29 PDT