On Sun, Feb 09, 2003 at 07:40:17PM -0800, Crispin Cowan wrote:
> > Also unsupported: The "no-security" model -- where all security
> >is thrown out (to save memory space and cycles) that was desired for embedded work.
> >
> False: capabilities is now a removable module, which is what Linus asked
> for.
It's not. You put a bit of capability logic into a LSM module, but all
the specific calls to capable are still around and turned into an LSM hook -
often near another hook.
> >_\implemented\_ (team members & prjct lead Linda Walsh) to move all
> >security checks out of the kernel into a 'default policy' module.
> >The code to implement this was submitted to the LSM list in June 1991.
> >
> And I actually like that plan. But I still believe it to be too radical
> for 2.6.
It's too later for 2.6 _now_. If you started doing this in early 2.5
we'd have a much less messy ACC architecture by now.
> It has many nice properties, but is much more invasive to the
> kernel. I think it is a very interesting idea for 2.7, and should be
> floated past the maintainers who will be impacted to see if it has a
> hope in hell.
*nod* and until we get that gets implemented we should remove the current
mess..
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Feb 15 2003 - 22:00:25 EST