Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)

[Olivier Galibert]

On Mon, Apr 24, 2006 at 01:42:31PM +0100, Alan Cox wrote:
> On Llu, 2006-04-24 at 10:24 +0200, Lars Marowsky-Bree wrote:
> > On 2006-04-23T05:45:34, Valdis.Kletnieks@xxxxxx wrote:
> > 
> > > > AppArmor are not likely to put careful thought into the policies that
> > > > they use?
> > > They're not likely to put careful thought into it, *AND* that saying things
> > > like "AppArmor is so *simple* to configure" only makes things worse - this
> > > encourages unqualified people to create broken policy configurations.
> > 
> > That is about the dumbest argument I've heard so far, sorry. 
> 
> Its the conclusion of most security experts I know that broken security
> is worse than no security at all. 

While that may be true[1], it gets a little annoying when broken is
meant to be synonymous to "not the SELinux model".  Especially since
there are aspects where SELinux' security can be considered broken,
complexity being one of them, crappy failure modes being another,
handling of new files a third, handling of namespaces a fourth.

Paths vs. inodes is religion, nothing else.  There are arguments for
and against on both sides.  LSM was supposed to be inclusive of all
beliefs, has that changed?

  OG.

[1] Why do we have uis and permission bits already?  After all, it's
not perfect hence broken, right?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/