Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)

From: Valdis . Kletnieks
Date: Mon Apr 24 2006 - 20:32:24 EST

Next message: Diego Calleja: "Re: C++ pushback"
Previous message: Chandra Seetharaman: "Re: Linux 2.6.17-rc2 - notifier chain problem?"
In reply to: Arjan van de Ven: "Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7]implementation of LSM hooks)"
Next in thread: Pavel Machek: "Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 24 Apr 2006 11:12:22 +0200, Arjan van de Ven said:

> So at minimum a debate about most the hooks is in order, as well as the
> mechanism; I'm increasingly getting convinced the 'security_ops' thing
> is misdesigned. I rather have a setup where the hooks at compiletime
> resolve to the function of the LSM you've chosen (be it SELinux or
> AppArmor) rather than the current solution. It's not like you
> realistically can or want to provide both SELinux and AppArmor with the
> same kernel anyway..

Doing so would require some redesign work for the current code that uses
the pointers to stack SELinux and capabilities. Not a show-stopper by
any means, just an entry for the 'to-do' list if we go that route...

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Diego Calleja: "Re: C++ pushback"
Previous message: Chandra Seetharaman: "Re: Linux 2.6.17-rc2 - notifier chain problem?"
In reply to: Arjan van de Ven: "Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7]implementation of LSM hooks)"
Next in thread: Pavel Machek: "Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]