Re: lsm stacker

From: Stephen Smalley (sds@private)
Date: Tue Jul 05 2005 - 08:20:43 PDT


On Thu, 2005-06-30 at 13:56 -0700, Casey Schaufler wrote:
> 
> --- Stephen Smalley <sds@private> wrote:
>  
> > Can you point to a specific response that said that?
> 
> Sorry, I'm not going to play that game.

Then I'll assume your original statement was false.

> >  I don't recall
> > seeing a LSM rejected by mainline for that reason. 
> > I have seen
> > rejections due to:
> > - LSMs that were ad-hoc hacks rather than general
> > mechanisms,
> 
> One man's "ad-hoc hack" is another
> man's "clever solution".

Possibly, but that doesn't change the fact that it isn't suitable for
mainline.  See the realtime LSM discussions for a case study.  And note
that the objections to it had nothing to do with SELinux.

> > - LSMs that lacked any real users.
> 
> You're putting a chicken/egg limit
> in with that one.

Not my limit.  See
http://marc.theaimsgroup.com/?l=linux-kernel&m=109717928411882&w=2

-- 
Stephen Smalley
National Security Agency



This archive was generated by hypermail 2.1.3 : Tue Jul 05 2005 - 08:55:52 PDT