Re: [BK PATCH] LSM changes for 2.5.59

From: Crispin Cowan (
Date: Mon Feb 10 2003 - 03:33:12 EST

'Christoph Hellwig' wrote:

>On Sun, Feb 09, 2003 at 07:40:17PM -0800, Crispin Cowan wrote:
>>[move security logic out to a module] It has many nice properties, but is much more invasive to the
>>kernel. I think it is a very interesting idea for 2.7, and should be
>>floated past the maintainers who will be impacted to see if it has a
>>hope in hell.
>*nod* and until we get that gets implemented we should remove the current
Am I parsing this correctly, that we actually agree on something? :-)
I.e. that the idea of moving all the security logic to a module has merit.

Naturally, I disagree that we should remove the current LSM. The current
version was designed to be what Linus asked for. Many LSM people like
the idea of moving all the security logic out to a module, as it makes
the interface much cleaner. But it is also waaay beyond the scope of
what Linus asked for. It involves re-factoring so much code that we did
not think it could be done correctly on the first try, never mind trying
to get many code maintainers to accept much larger patches.


Crispin Cowan, Ph.D.
Chief Scientist, WireX            
Security Hardened Linux Distribution:
Available for purchase:
			    Just say ".Nyet"

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to More majordomo info at Please read the FAQ at

This archive was generated by hypermail 2b29 : Sat Feb 15 2003 - 22:00:26 EST