RE: [BK PATCH] LSM changes for 2.5.59

Makan Pourzandi (Makan.Pourzandi@ericsson.ca)
Wed, 12 Feb 2003 11:58:52 -0500


> > > I'm very serious about submitting a patch to Linus to
> remove all hooks not
> > > used by any intree module once 2.6.0-test.
> >
> > Any idea on how much time that gives us (to rework SELinux
> and submit
> > it)?
>

Hi,

My comments are from user of LSM point of view and not one of its designers. Actually, we have been using LSM for now about a year to develop our own security module in DSI project (security for clustered server, http://sourceforge.net/projects/disec).

I believe that one major advantage of LSM is that it avoids the one size fits all approach. LSM allows to different people to come up with different mechanisms to implement security according to their needs.
And different Linux users have different needs. For example in DSI project, we used LSM to implement our own security approach for clustered servers. For example, having tight restrictions on response time, we rather concentrate on performance impact of security and distributed access control inside a cluster than file access control (running mainly diskless machines).
I believe this is very acceptable, because it allows the user to choose the security module that fits best its needs. The security needs are not the same for military/banking/telecom/gaming/... businesses. And till the moment that we have a config tool (file or else) that can allow these people to configure fine grained access control according to their needs (for example like how we configure iptables), I believe that LSM is necessary to give these people a chance of developing their own solution.

Further more, I believe that LSM encourages the developers in the community to take initiatives related to security in Linux. This way, it helps developing different security approaches. This at the end, even if we choose to go with only one approach and drop others, will help the diversity of existing solutions and the possibility of choosing among a set of solutions (hopefully the best one will be chosen). IMHO, to let people be able to come up with different security approaches, we have
to let LSM be part of the kernel in order to encourage people to
develop their approach.

That was my 2 cents.

Regards,
Makan Pourzandi
-------------------------------------------------------
Makan Pourzandi
Ericsson Research Canada
http://sourceforge.net/projects/disec/
-------------------------------------------------------

This email does not represent or express the opinions of Ericsson
Corporation.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/