Re: [RFC][PATCH 0/11] security: AppArmor - Overview

[Tony Jones]

On Thu, Apr 20, 2006 at 08:09:17AM -0500, Serge E. Hallyn wrote:
> Quoting grundig (grundig@xxxxxxxxxxx):
> > El Wed, 19 Apr 2006 18:32:30 -0700,
> > Crispin Cowan <crispin@xxxxxxxxxx> escribi?:
> > 
> > > Our controls on changing the name space have rather poor granularity at
> > > the moment. We hope to improve that over time, and especially if LSM
> > > evolves to permit it. This is ok, because as Andi pointed out, there are
> > > currently few applications using name spaces, so we have time to improve
> > > the granularity.
> > 
> > Wouldn't have more sense to improve it and then submit it instead of the
> > contrary? At least is the rule which AFAIK is applied to every feature 
> > going in the kernel, specially when there's an available alternative
> > which users can use meanwhile (see reiser4...)
> 
> hah, that's funny
> 
> When people do that, they are rebuked for not submitting upstream.  At
> least this way, we can have a discussion about whether the approach
> makes sense at all.

When an out of tree user is requesting a change for which it will likely be 
the only user (such that it can make it in tree), caution is warranted.  But 
it does create a bit of a chicken and egg conundrum for the proposer.  

At least this is the way it's always seemed to me (re: the requested VFS/LSM
changes). Anyways, it's not an issue and there isn't a lot of point dwelling
over past LSM history. I 100% agree with Serge, discussion first about the 
approach is definately the way to go.

Tony
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/