It's not. You put a bit of capability logic into an LSM module, but all
the specific calls to capable are still around and turned into an LSM hook -
often near another hook.
> >_implemented_ (team members & prjct lead Linda Walsh) to move all
> >security checks out of the kernel into a 'default policy' module.
> >The code to implement this was submitted to the LSM list in June 1991.
> >
> And I actually like that plan. But I still believe it to be too radical
> for 2.6.
It's too late for 2.6 _now_. If you started doing this in early 2.5
we'd have a much less messy ACC architecture by now.
> It has many nice properties, but is much more invasive to the
> kernel. I think it is a very interesting idea for 2.7, and should be
> floated past the maintainers who will be impacted to see if it has a
> hope in hell.
*nod* and until that gets implemented we should remove the current
mess..