Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)

On Mon, 17 Apr 2006 22:26:24 BST, Alan Cox said:

(Two replies to this paragraph, addressing 2 separate issues....)

> You can implement a BSD securelevel model in SELinux as far as I can see
> from looking at it, and do it better than the code today, so its not
> really a feature drop anyway just a migration away from some fossils

If we heave the LSM stuff overboard, there's one thing that *will* need
addressing - what to do with kernel support of Posix-y capabilities.  Currently
some of the heavy lifting is done by security/commoncap.c.

Frankly, that's *another* thing that we need to either *fix* so it works right,
or rip out of the kernel entirely.  As far as I know, there's no in-tree way
to make /usr/bin/ping be set-CAP_NET_RAW and have it DTRT.

Attachment: pgpIhejJNSFMQ.pgp
Description: PGP signature

---

• Follow-Ups:
  • Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
    • From: Pavel Machek <[email protected]>
  • Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
    • From: Crispin Cowan <[email protected]>
  • Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
    • From: "Serge E. Hallyn" <[email protected]>

• References:
  • [RFC] packet/socket owner match (fireflier) using skfilter
    • From: Török Edwin <[email protected]>
  • [RFC][PATCH 2/7] implementation of LSM hooks
    • From: Török Edwin <[email protected]>
  • Re: [RFC][PATCH 2/7] implementation of LSM hooks
    • From: Stephen Smalley <[email protected]>
  • Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
    • From: Török Edwin <[email protected]>
  • Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
    • From: Stephen Smalley <[email protected]>
  • Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
    • From: Christoph Hellwig <[email protected]>
  • Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
    • From: Stephen Smalley <[email protected]>
  • Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
    • From: Christoph Hellwig <[email protected]>
  • Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
    • From: James Morris <[email protected]>
  • Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
    • From: Greg KH <[email protected]>
  • Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
    • From: Alan Cox <[email protected]>

• Prev by Date: Re: Bonding driver appears to call a sleeping function from an invalid context in 2.6.17-rc1
• Next by Date: Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
• Previous by thread: Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
• Next by thread: Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]