Message-ID: <11103.simon.1193139489@5ec7c279.invalid>
In-Reply-To: <20071022171326.GA30317@kroah.com>
References: <200710221700.l9MH0klg006152@sapphire.spiritone.com> <20071022171326.GA30317@kroah.com>
Date: Tue, 23 Oct 2007 12:38:09 +0100
Subject: Re: LSM conversion to static interface
From: "Simon Arlott"
To: "Greg KH"
Cc: "Thomas Fricaccia", linux-kernel@vger.kernel.org, "Alan Cox", "Linus Torvalds", "LSM ML", "Crispin Cowan"

On Mon, October 22, 2007 18:13, Greg KH wrote:
> I agree, that is why customers do not load other random security modules
> in their kernel today, and why they will not do so tomorrow. So,
> because of that, this whole point about compliance with regulatory law
> seems kind of moot :)
>
> Again, LSM isn't going away at all, this is just one config option for
> allowing LSM to work as a module that is changing. If a customer
> demands that this feature come back, I'm sure that the big distros will
> be the first to push for it. But currently, given that there are no
> known external LSMs being used by customers demanding support, I don't
> see what the big issue here really is.

I have an out of tree module to do per-port (tcp/udp) bind permissions,
it works fine with the "capability" module as secondary and I can load or
unload both of them at any time... this recent change completely breaks
that. (I had to #include dummy.c though).

Why should I now need to:
1. reboot every time I change the code when I could just reload modules
   before?
2. put it into my kernel source tree to use it?

--
Simon Arlott