Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755518AbXJAUt6 (ORCPT ); Mon, 1 Oct 2007 16:49:58 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1752813AbXJAUtu (ORCPT ); Mon, 1 Oct 2007 16:49:50 -0400 Received: from sovereign.computergmbh.de ([85.214.69.204]:60086 "EHLO sovereign.computergmbh.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752603AbXJAUtt (ORCPT ); Mon, 1 Oct 2007 16:49:49 -0400 Date: Mon, 1 Oct 2007 22:49:48 +0200 (CEST) From: Jan Engelhardt To: Andrew Morton cc: casey@schaufler-ca.com, torvalds@linux-foundation.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, Andi Kleen , James Morris , Paul Moore Subject: Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel In-Reply-To: <20070930011618.ccb8351b.akpm@linux-foundation.org> Message-ID: References: <46FEEBD4.5050401@schaufler-ca.com> <20070930011618.ccb8351b.akpm@linux-foundation.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1690 Lines: 38 On Sep 30 2007 01:16, Andrew Morton wrote: >> >> Documentation/Smack.txt | 104 + >> security/Kconfig | 1 >> security/Makefile | 2 >> security/smack/Kconfig | 10 >> security/smack/Makefile | 9 >> security/smack/smack.h | 207 ++ >> security/smack/smack_access.c | 345 ++++ >> security/smack/smack_lsm.c | 2685 ++++++++++++++++++++++++++++++++ >> security/smack/smackfs.c | 1201 ++++++++++++++ >> 9 files changed, 4564 insertions(+) > >My major non-technical concern is that Casey Schaufler might get hit by a >bus. If this happens, we can remove the feature in three minutes (that >diffstat again), but that may not be feasible if people have come to rely >upon the feature. > >otoh, if a significant number of people are using smack, presumably someone >else would step up to maintain smack post-bus. The risk seems acceptable >to me. I bet that the number of people submitting patches / possibly maintaining it is hyperbelic to the code size. Everyone that runs away from selinux's code size and/or "complexity" is a potential smack/aa user/contributor. >Is smack useful without a patched ls, sshd and init.d? What is the status >of getting those userspace patches merged? ie: do you know who to send the >diffs to, and are they likely to take them? As long as one does not need to recompile userspace (like it is the case with libselinux), it wins. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/