Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261397AbVETO4k (ORCPT ); Fri, 20 May 2005 10:56:40 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261423AbVETO4k (ORCPT ); Fri, 20 May 2005 10:56:40 -0400 Received: from mx1.redhat.com ([66.187.233.31]:62160 "EHLO mx1.redhat.com") by vger.kernel.org with ESMTP id S261397AbVETO4d (ORCPT ); Fri, 20 May 2005 10:56:33 -0400 Date: Fri, 20 May 2005 10:56:20 -0400 (EDT) From: James Morris X-X-Sender: jmorris@thoron.boston.redhat.com To: Kylene Hall cc: linux-kernel@vger.kernel.org, Andrew Morton , , , , , Chris Wright Subject: Re: [PATCH 1 of 4] ima: related TPM device driver interal kernel interface In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 737 Lines: 24 Why are you using LSM for this? LSM should be used for comprehensive access control frameworks which significantly enhance or even replace existing Unix DAC security. We're going to end up with a proliferation of arbitrary security features lacking an overall architectural view (I've written about this before, see http://www.ussg.iu.edu/hypermail/linux/kernel/0503.1/0300.html). I think it would be better to implement this directly. - James -- James Morris - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/