Re: [BK PATCH] LSM changes for 2.5.59

magniett (Frederic.Magniette@lri.fr)
Wed, 12 Feb 2003 19:11:09 +0000


"Makan Pourzandi (LMC)" a écrit :

> > > > I'm very serious about submitting a patch to Linus to
> > remove all hooks not
> > > > used by any intree module once 2.6.0-test.
> > >
> > > Any idea on how much time that gives us (to rework SELinux
> > and submit
> > > it)?
> >
>
> Further more, I believe that LSM encourages the developers in the community to take initiatives related to security in Linux. This way, it helps developing different security approaches. This at the end, even if we choose to go with only one approach and drop others, will help the diversity of existing solutions and the possibility of choosing among a set of solutions (hopefully the best one will be chosen). IMHO, to let people be able to come up with different security approaches, we have
> to let LSM be part of the kernel in order to encourage people to
> develop their approach.
>
> That was my 2 cents.
>
> Regards,
> Makan Pourzandi

Hi,
I'm the leader of a project, developping a sandbox (processes confinement environment) for Linux based on LSM.
Our approach is dedicated for peer-to-peer global computing environments. I totally agree with Makan about the
diversity of developpement : we dont have the same goals than SELinux. The LSM project followed two phases :
in a first one, everybody was thinking about what could be good to integrate in LSM and now (the second phase),
a few people think about what they can remove because they dont use it. We need a flexible and reasonably complete
framework to implement solutions. I recall that it was the original request from Linus : a generic framework to decide
which kind of security solutions are the best. If LSM fits only one or two policy requirements, the choice does not
exist. For finishing : PLEASE, stop reducing LSM possibilities : it cost a lot to develop things for a hook and then
redevelopping it for a classical syscall interposition.
bests
Frédéric Magniette (University of Orsay/CNRS)

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/