On Wed, 5 Feb 2003 23:30, Christoph Hellwig wrote:
> The main point is that LSM in the current shape, with every single policy
> detail left to the modules (compare that say to the linux filesystem code
> where we have lots of very different filesystems and still have as much as
> possible policy decision in the core code, this is one of the really strong
> points of Linux!) is a very bad idea and I _really_ don't want to see
> it in the next major stable release.
My understanding is that LSM was created at the request of Linus because there
were several groups of people who had different patches for security policy
in "core code". Linus apparently didn't like that idea and requested a
framework so that Linux would not be tied to one particular security model.
Someone please correct me if my understanding of LSM history is incorrect.
Now as for the issue of code to use the hooks, SE Linux uses almost all the
hooks and I'm sure that Steve can send in the appropriate patch at any
time...
-- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Feb 07 2003 - 22:00:18 EST