Re: [PATCH] [request for inclusion] Realtime LSM

From: Matt Mackall
Date: Tue Jan 11 2005 - 14:05:46 EST


On Tue, Jan 11, 2005 at 10:28:13AM -0600, Jack O'Quin wrote:
> Paul Davis <paul@xxxxxxxxxxxxxxxxxxxxx> writes:
>
> >>Rlimits are neither UID/GID nor PAM-specific. They fit well within
> >>the general model of UNIX security, extending an existing mechanism
> >>rather than adding a completely new one. That PAM happens to be the
> >>way rlimits are usually administered may be unfortunate, yes, but it
> >>doesn't mean that rlimits is the wrong way.
>
> PAM is how most GNU/Linux systems manage rlimits. It is very UID/GID
> oriented. So from the sysadmin perspective, claiming that rlimits is
> "better" or "easier to manage" than "GID hacks" is bogus.

Yes, you're right, so let's invent something completely new and
inherently much less flexible so that the problem is made worse on
both fronts.

--
Mathematics is the supreme nostalgia of our time.