Greg KH wrote:
> The current model lets you do whatever you want in your kernel module.
> It imposes no policy, that's up to you.
---
That's not exactly true. It imposes the standard Linux security
policy, which someone wanting to remove it or change it might not want.
It only allows you to further restrict based on the current security
system.
>
> All the better to keep userspace callbacks for security out of my
> kernels, for that way is ripe for problems (for specific examples why,
> see the linux-security-module mailing list archives.)
---
I agree. Though an individual module writer could theoretically
implement callbacks in their own module, no?
-l
-- - _ - _ - _ - _ - _ - _ - _ -
The above thoughts and | I know I don't know the opinions
writings are my own. | of every part of my company. :-)