Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementationof LSM hooks)

[Jan Engelhardt]

>> 
>> Well then, have a look at http://alphagate.hopto.org/multiadm/
>> 
>
>hmm on first sight that seems to be basically an extension to the
>existing capability() code... rather than a 'real' LSM module. Am I
>missing something here?
>

(So what's the definition for a "real" LSM module?)

It's quite a "big" extension to the capability code inasfar as that 
access is not solely granted based on capabilities, but a matrix of 
capabilities plus UID/GID of filesystem objects.

This is not a "for fun" LSM like rootplug, but it was specifically 
developed to address some permission issues in an educational institution. 
The LSM hooks were there (and some more are added with MultiAdm), and it 
seemed a lot simpler than setting up SELinux.


Jan Engelhardt
-- 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/