Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)
From: Casey Schaufler
Date: Tue Apr 25 2006 - 00:07:17 EST
--- "Serge E. Hallyn" <serue@xxxxxxxxxx> wrote:
> Ah yes. It needed to be authoritative. I did
> recall incorrectly.
> I suspect some would argue that you are right that
> LSM is broken, but
> only because it wasn't allowed to be authoritative.
As I said at the time, I am disappointed that
authoritative hooks lost out, but it was hardly
the end of the world, and all in all, the LSM
that won out was a good first shot.
And of course, SGI's intent at the time was to
use LSM for audit. The prevailing attitude of
the day was that Linux would Never Allow Audit,
and a general scheme looked to be our best bet.
After LSM rejected authoritative hooks we
rewrote audit to use the accepted hook and,
get this, the Powers above canceled the project
the week we were to check it in.
I am happy to see the linux-audit project, and
happy to see POSIX ACLs as well. With an
authoritative LSM those would have been rolled
in and not required special interfaces of their
own. Oh well.
> Of course that
> was to increase chances of LSM upstream inclusion.
This was indeed a primary argument against
authoritative hooks, but the potential for
protrietary binary modules loomed large as
> Sorry Casey and
Ack. That association was strictly corporate.
> I bet that just makes it sting all the harder
> if LSM is now
> removed for not being sufficiently useful.
Eh, I've been right in the past and I've been
wrong in the past. I've had more code thrown out
of systems than a lot of you have ever written,
so an interface vector that's proven unpopular
isn't going to bring me down much.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/