Date: Thu, 28 Jun 2007 08:50:01 -0500
From: "Bill O'Donnell" <billodo@sgi.com>
To: Casey Schaufler <casey@schaufler-ca.com>
Cc: David Miller <davem@davemloft.net>, crispin@novell.com,
       seanlkml@sympatico.ca, bunk@stusta.de, akpm@linux-foundation.org,
       jjohansen@suse.de, linux-kernel@vger.kernel.org,
       linux-security-module@vger.kernel.org
Subject: Re: [AppArmor 00/44] AppArmor security module overview
Message-ID: <20070628135001.GA11666@sgi.com>
References: <20070627.160535.71552808.davem@davemloft.net> <350078.43404.qm@web36601.mail.mud.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <350078.43404.qm@web36601.mail.mud.yahoo.com>
User-Agent: Mutt/1.5.13 (2006-08-11)
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 3468
Lines: 85

On Wed, Jun 27, 2007 at 05:27:17PM -0700, Casey Schaufler wrote:
| 
| --- David Miller <davem@davemloft.net> wrote:
| 
| > From: Crispin Cowan <crispin@novell.com>
| > Date: Wed, 27 Jun 2007 15:46:57 -0700
| > 
| > > But we do not want to prevent other people from using SELinux if it
| > > suits them. Linux is about choice, and that is especially vital in
| > > security. As Linus himself observed when LSM was started, there are a
| > > lot of security models, they have various strengths and weaknesses, and
| > > often are not compatible with each other. That is why it is important
| > > that LSM persist, that SELinux not be the only in-tree user of LSM, and
| > > why we think AppArmor should be included upstream, so that non-SUSE
| > > users can also use AppArmor if it suits them.
| > 
| > Anyone can apply the apparmour patch to their tree, they get the
| > choice that way.  Nobody is currently prevented from using apparmour
| > if they want to, any such suggestion is pure rubbish.
| 
| The exact same argument was made prior to SELinux going upstream.
| Look, if you can't be right, try at least to be original.
| 
| > It is even more incredulious to imply that just by having apparmour
| > in the upstream kernel all the userland bits will magically appear
| > on every user's distribution.
| 
| Just like all the SELinux userland magically appeared in everyone's
| distribution? Nope, didn't happen.
| 
| > Give me a break.
| 
| No. You are out of line and spewing ignorance.

Please.
I really wish this thread would stick to the technical matter and 
dispense with the infernile sniping on one hand and stroking of
egos on the other.  Sheesh - some of us are actually trying to glean
something useful from all of this.

| 
| > What you get by the code going into the upstream kernel tree is that
| > it a) adds some pseudo legitimacy to AppArmour (which I don't
| > personally think is warranted) and b) gets the work of keeping
| > apparmour working with upstream largely off of your back and in the
| > hands of the upstream community.
| 
| Duh. Those are pretty much the reasons anyone goes through the
| trouble of getting anything upstream.
| 
| > Neither of those are reasons why something should go into the tree.
| 
| They reflect the corporate reality of the open source community.
| If you're going to go down the "open source isn't for money"
| rathole please take it elsewhere. I've heard the arguments so many
| times I can sing them to the tune of "Lady Madonna".
| 
| > Frankly I think AppArmour is a joke,
| 
| "SELinux, AppArmor, and Hilary Clinton walk into a bar ..."

Yawn.  Not funny. See above comment.

| > and all of this integration with
| > LSM business is just a face saving effort, nothing more.  And saving
| > face is not, and has never been, a reason for something to be put into
| > the upstream tree.
| 
| Believe what you will. Crispin has been working with LSM from the
| inception those many years ago. He's been working on getting this
| module in for over a year. If you don't like his module go write
| your own and put him out of business.

Now this is getting really boring.  See above comment.
Can't we just stay on point?

-- 
Bill O'Donnell
SGI
billodo@sgi.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/