Re: [patch 1/3] lsm: add bsdjail module

From: Andrew Morton
Date: Thu Oct 07 2004 - 14:53:58 EST


Chris Wright <chrisw@xxxxxxxx> wrote:
>
> * Andrew Morton (akpm@xxxxxxxx) wrote:
> > James Morris <jmorris@xxxxxxxxxx> wrote:
> > > On Thu, 7 Oct 2004, Serge E. Hallyn wrote:
> > >
> > > > Because it gives Linux a functionality like FreeBSD's jail and Solaris'
> > > > zones in an unobtrusive manner, without impacting users who don't wish
> > > > to use it (except for the extra security_task_lookup function calls).
> > >
> > > Yes, as an LSM module, it can be configured out. I think it's a good use
> > > of the LSM framework, and may be useful for people migrating to Linux from
> > > legacy Solaris and FreeBSD.
> >
> > Sure, but that's a bit speculative for adding a feature to the mainline
> > kernel.
>
> Which feature are you concerned over, the additional hook or the
> new module?

I am concerned about the presence of new code - simple as that.

We need to be able to demonstrate that the new code is sufficiently useful
to a sufficiently large number of people as to warrant the cost of
maintaining it in the tree for the rest of eternity.

> The module is a no-op for anybody who doesn't want it.

It still needs to be maintained.

> I can't vouch for the number of users of this module although I've seen
> some positive feedback from users. One nice bit is that it goes a way
> towards helping vserver which does have quite a few users.

Tell us more.

> This module
> really demonstrates one of the points of LSM...to support multiple
> security models.

Sure. But that doesn't mean that those modules have to live at kernel.org
rather than, say, at bsdjail.sourceforge.net.
