Re: [BK PATCH] LSM changes for 2.5.59

From: Christoph Hellwig (
Date: Sun Feb 09 2003 - 15:06:26 EST

On Fri, Feb 07, 2003 at 09:20:08PM -0500, wrote:
> I disagree. The code submitted BOTH addresses the current needs and
> "vaguely anticipated future needs" (which I shall define as VAFN).

What is the "current needs" given that selinux is the only module actually
using it and it's neither in a mergeable shape nor is it legally clear
whether it can be merged?

> Open your mind. LSM supports both all current solutions for object-level
> security AND provides a valid basis for moving Linux toward providing, AS
> AN OPTION, true security. Personally, I don't think LSM is the "be all
> and end all" of a security interface, at this point, but I *do* think it's
> the best first-draft of a system that can lead to that end.

you don't get tru security by adding hooks. security needs a careful
design and more strict access control policy can but don't have to be part
of that design.

> What's your REAL problem? Somebody stepping on your territory?

The real problem is adding mess to the kernel.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Sat Feb 15 2003 - 22:00:23 EST