Re: [BK PATCH] LSM changes for 2.5.59

'Christoph Hellwig' (hch@infradead.org)
Mon, 10 Feb 2003 08:21:40 +0000


On Sun, Feb 09, 2003 at 07:40:17PM -0800, Crispin Cowan wrote:
> > Also unsupported: The "no-security" model -- where all security
> >is thrown out (to save memory space and cycles) that was desired for embedded work.
> >
> False: capabilities is now a removable module, which is what Linus asked
> for.

It's not. You put a bit of capability logic into a LSM module, but all
the specific calls to capable are still around and turned into an LSM hook -
often near another hook.

> >_\implemented\_ (team members & prjct lead Linda Walsh) to move all
> >security checks out of the kernel into a 'default policy' module.
> >The code to implement this was submitted to the LSM list in June 1991.
> >
> And I actually like that plan. But I still believe it to be too radical
> for 2.6.

It's too later for 2.6 _now_. If you started doing this in early 2.5
we'd have a much less messy ACC architecture by now.

> It has many nice properties, but is much more invasive to the
> kernel. I think it is a very interesting idea for 2.7, and should be
> floated past the maintainers who will be impacted to see if it has a
> hope in hell.

*nod* and until we get that gets implemented we should remove the current
mess..

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/