Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 10 Feb 2003 03:12:07 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 10 Feb 2003 03:12:07 -0500 Received: from carisma.slowglass.com ([195.224.96.167]:52231 "EHLO phoenix.infradead.org") by vger.kernel.org with ESMTP id ; Mon, 10 Feb 2003 03:12:05 -0500 Date: Mon, 10 Feb 2003 08:21:40 +0000 From: "'Christoph Hellwig'" To: Crispin Cowan Cc: LA Walsh , "'Christoph Hellwig'" , torvalds@transmeta.com, linux-security-module@wirex.com, linux-kernel@vger.kernel.org Subject: Re: [BK PATCH] LSM changes for 2.5.59 Message-ID: <20030210082140.A16436@infradead.org> Mail-Followup-To: 'Christoph Hellwig' , Crispin Cowan , LA Walsh , torvalds@transmeta.com, linux-security-module@wirex.com, linux-kernel@vger.kernel.org References: <001001c2d0b0$cf49b190$1403a8c0@sc.tlinx.org> <3E471F21.4010803@wirex.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3E471F21.4010803@wirex.com>; from crispin@wirex.com on Sun, Feb 09, 2003 at 07:40:17PM -0800 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1465 Lines: 34 On Sun, Feb 09, 2003 at 07:40:17PM -0800, Crispin Cowan wrote: > > Also unsupported: The "no-security" model -- where all security > >is thrown out (to save memory space and cycles) that was desired for embedded work. > > > False: capabilities is now a removable module, which is what Linus asked > for. It's not. You put a bit of capability logic into a LSM module, but all the specific calls to capable are still around and turned into an LSM hook - often near another hook. > >_\implemented\_ (team members & prjct lead Linda Walsh) to move all > >security checks out of the kernel into a 'default policy' module. > >The code to implement this was submitted to the LSM list in June 1991. > > > And I actually like that plan. But I still believe it to be too radical > for 2.6. It's too later for 2.6 _now_. If you started doing this in early 2.5 we'd have a much less messy ACC architecture by now. > It has many nice properties, but is much more invasive to the > kernel. I think it is a very interesting idea for 2.7, and should be > floated past the maintainers who will be impacted to see if it has a > hope in hell. *nod* and until we get that gets implemented we should remove the current mess.. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/