Re: [PATCH] [request for inclusion] Realtime LSM

From: Paul Davis
Date: Fri Jan 07 2005 - 11:16:49 EST

Next message: Badari Pulavarty: "[RFC] 2.4 and stack reduction patches"
Previous message: Vivek Goyal: "Re: SCSI aic7xxx driver: Initialization Failure over a kdump reboot"
In reply to: Martin Mares: "Re: [PATCH] [request for inclusion] Realtime LSM"
Next in thread: Martin Mares: "Re: [PATCH] [request for inclusion] Realtime LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>Sure, filesystem capabilities would be nice, but for the stuff Paul
>mentions they aren't needed -- what you need is to grant capabilities
>to the user's session, which can be easily done by a PAM module.

i think this is true only if the kernel comes with capabilities
enabled.

various media-centric distributions (CCRMA, demudi, dyne:bolic and
others) enabled them for their 2.4 kernels, but not the major
desktop-centric ones. then the impression began to be received that in
2.6, capabilities were even more questionable of a mechanism to use.
In addition, the LSM system appeared, and seemed to offer a much
better solution entirely: no need to patch the kernel at all, or at
least it appeared to be so in the beginning. Hence the "realtime" LSM.

--p
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Badari Pulavarty: "[RFC] 2.4 and stack reduction patches"
Previous message: Vivek Goyal: "Re: SCSI aic7xxx driver: Initialization Failure over a kdump reboot"
In reply to: Martin Mares: "Re: [PATCH] [request for inclusion] Realtime LSM"
Next in thread: Martin Mares: "Re: [PATCH] [request for inclusion] Realtime LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]