Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754138AbXFYVOl (ORCPT ); Mon, 25 Jun 2007 17:14:41 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1751925AbXFYVOd (ORCPT ); Mon, 25 Jun 2007 17:14:33 -0400 Received: from mail7.sea5.speakeasy.net ([69.17.117.9]:38541 "EHLO mail7.sea5.speakeasy.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751817AbXFYVOc (ORCPT ); Mon, 25 Jun 2007 17:14:32 -0400 Date: Mon, 25 Jun 2007 17:14:28 -0400 (EDT) From: James Morris X-X-Sender: jmorris@localhost.localdomain To: Andreas Gruenbacher cc: Chris Wright , linux-security-module@vger.kernel.org, "Serge E. Hallyn" , Andrew Morgan , Andrew Morton , Stephen Smalley , lkml , Arjan van de Ven , Greg KH , Eric Paris Subject: Re: [PATCH try #2] security: Convert LSM into a static interface In-Reply-To: <200706252237.59226.agruen@suse.de> Message-ID: References: <20070617135239.GA17689@sergelap> <20070624220903.GB3723@sequoia.sous-sol.org> <200706252237.59226.agruen@suse.de> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 784 Lines: 24 On Mon, 25 Jun 2007, Andreas Gruenbacher wrote: > It's useful for some LSMs to be modular, and LSMs which are y/n options won't > have any security architecture issues with unloading at all. Which LSMs? Upstream, there are SELinux and capabilty, and they're not safe as loadable modules. > The mere fact > that SELinux cannot be built as a module is a rather weak argument for > disabling LSM modules as a whole, so please don't. That's not the argument. Please review the thread. - James -- James Morris - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/