Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Oct 24, 2007 at 03:58:02PM -0700, Casey Schaufler wrote:
> 
> --- Adrian Bunk <[email protected]> wrote:
> 
> > ...
> > 
> > There are other points in this thread that might or might not warrant 
> > making LSM modular again, but even though it might sound harsh breaking 
> > external modules and thereby making people aware that their code should 
> > get into the kernel is IMHO a positive point.
> 
> Those proposing LSM modules over the past couple years have
> been treated most harshly. I have personally taken the least
> flak of anyone on my proposal, and at that there have been
> times where I felt like pulling out the #5 clue stick and
> taking a few swings. It's no wonder that people are afraid
> to suggest a module. I didn't do it until I had combed through
> the archives and prepared answers for the most common attacks.
> I hope that Smack moving forward will defuse some of the bad
> vibes that have clouded the LSM for so long. I don't blame
> anyone who kept their module to themself given the hostility
> which even successful products have encountered.
> 
> And don't give me the old "LKML is a tough crowd" feldercarb.
> Security modules have been much worse. Innovation, even in
> security, is a good thing and treating people harshly, even
> "for their own good", is an impediment to innovation.

What I'm giving you is "Linus has decreed there can be LSMs other than 
SELinux."

Getting LSMs included should no longer be harder than for other 
parts of the kernel.

And don't get me wrong, I'm not saying my point should decide this 
discussion. It's simply the point that making it harder for external 
code also has advantages.

> Casey Schaufler

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux