>> > Seriously that makes a lot of sense. All other modules people have come up
>> > with over the last years are irrelevant and/or broken by design.
>>
>> It's been nearly a year since I proposed this, and we've not seen any
>> appropriate LSM modules submitted in that time.
>>
>> See
>> http://thread.gmane.org/gmane.linux.kernel.lsm/1120
>> http://thread.gmane.org/gmane.linux.kernel.lsm/1088
>>
>> The only reason I can see to not delete it immediately is to give BSD
>> secure levels users a heads-up, although I thought it was already slated
>> for removal. BSD secure levels is fundamentally broken and should
>> never have gone into mainline.
>
>been a very long time and so far, only out-of-tree LSMs are present,
>with no public statements about getting them submitted into the main
>kernel tree. And, I think almost all of the out-of-tree modules already
>need other kernel patches to get their code working properly, so what's
>a few more hooks needed...
>
>/me pokes the bushes to flush out the people lurking
>
Well then, have a look at http://alphagate.hopto.org/multiadm/
There is a reason why people [read: I] do not submit out-of-tree (OOT)
modules; because I think chances are low that they get in. Sad fact about the
Linux kernel.
>Oh, but do remember, the main goal of LSM was to stop people from
>arguing about different security models. Now that it is in, we haven't
>had any bickering about different types of things that should go into
>mainline, all with different models and usages. Everyone gets to play
>in their own sandbox and not worry about anyone else. If the LSM
>interface was to go away, that problem would start happening again, and
>I don't think we want to go there.
>
>So, I think the only way to be able to realistically keep the LSM
>interface, is for a valid, working, maintained LSM-based security model
>to go into the kernel tree. So far, I haven't seen any public posting
>of patches that meet this requirement :(
In that case, maybe it would be worthwhile to flip the positions, i.e. LSM on
top of SELinux, sort of a compat layer.
Jan Engelhardt