On Thu, Jul 19, 2007 at 07:56:53AM -0500, Scott Preece wrote:
> On 7/19/07, James Morris <[email protected]> wrote:
>> On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
>>
>> > If we could get a few (non-afilliated :) people who work with
>> > customers in the security field to tell us whether this is being
>> > used, that would be very helpful. Not sure how to get that.
>>
>> The mainline kernel does not cater to out of tree code.
>
> Please distinguish between "cater to" and "support". If the kernel
> didn't worry about supporting out-of-tree code, then why would there
> be loadable module at all?
>...
Distribution kernels need modules or the kernel images would be
extremely large.
> Another twist is to use a tool to generate the module from a
> policy-definition file; this could be done at boot-time or could be
> done to replace the current policy on a running system (perhaps to add
> a new domain corresponding to a newly added service). Yes, this would
> need to be done with a lot of care, but part of providing mechanism
> (rather than policy) is enabling people to use the mechanism in the
> ways they prefer.
Why do you need to generate a module for changing a policy?
Software like SELinux contains the mechanisms to change the policy
without having to change the kernel.
> scott
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]