Yes. If we want so support security models more complicated than plain
UNIX DAC (an especially more than one of those) there's no way around
moving all access control out of the core kernel.
> Naturally, I disagree that we should remove the current LSM. The current
> version was designed to be what Linus asked for. Many LSM people like
> the idea of moving all the security logic out to a module, as it makes
> the interface much cleaner. But it is also waaay beyond the scope of
> what Linus asked for. It involves re-factoring so much code that we did
> not think it could be done correctly on the first try, never mind trying
> to get many code maintainers to accept much larger patches.
Well, usually adding changes to the core kernel in a proper way needs
major refactoring of code - the approach of adding a small, "non-invasive"
hack here and there leads to the typical mess seen in commercial operating
systems, and in Linux we've avoided that mostly so far.
As far keeping the current LSM hooks: I'm very unhappy with the design
of the, that's one point. The other point I'm extremly unhappy with
adding them without adding it's users. I'll shut up and be quite until
2.7 opens if you get a meaningfull LSM module merged that actually uses
those hooks. If you don't get one in by 2.6-test I will send patches
to remove those unused hooks.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/