Re: [PATCH try #2] security: Convert LSM into a static interface

From: James Morris
Date: Mon Jun 25 2007 - 17:14:41 EST

Next message: Ingo Molnar: "Re: [RFC PATCH 0/6] Convert all tasklets to workqueues"
Previous message: Andrea Arcangeli: "Re: 2.6.22-rc5-yesterdaygit with VM debug: BUG in mm/rmap.c:66: anon_vma_link ?"
In reply to: Andreas Gruenbacher: "Re: [PATCH try #2] security: Convert LSM into a static interface"
Next in thread: Serge E. Hallyn: "Re: [PATCH try #2] security: Convert LSM into a static interface"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 25 Jun 2007, Andreas Gruenbacher wrote:

> It's useful for some LSMs to be modular, and LSMs which are y/n options won't
> have any security architecture issues with unloading at all.

Which LSMs? Upstream, there are SELinux and capabilty, and they're not
safe as loadable modules.

> The mere fact
> that SELinux cannot be built as a module is a rather weak argument for
> disabling LSM modules as a whole, so please don't.

That's not the argument. Please review the thread.

- James
--
James Morris
<jmorris@xxxxxxxxx>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ingo Molnar: "Re: [RFC PATCH 0/6] Convert all tasklets to workqueues"
Previous message: Andrea Arcangeli: "Re: 2.6.22-rc5-yesterdaygit with VM debug: BUG in mm/rmap.c:66: anon_vma_link ?"
In reply to: Andreas Gruenbacher: "Re: [PATCH try #2] security: Convert LSM into a static interface"
Next in thread: Serge E. Hallyn: "Re: [PATCH try #2] security: Convert LSM into a static interface"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]