Christoph Hellwig wrote:
>On Thu, Oct 17, 2002 at 01:10:31PM -0700, Greg KH wrote:
>
>
>>>>How would they be done differently now? Multiple different syscalls?
>>>>
>>>>
>>>Yes.
>>>
>>>
>>Hm, in looking at the SELinux documentation, here's a list of the
>>syscalls they need:
>> http://www.nsa.gov/selinux/docs2.html
>>
>>That's a lot of syscalls :)
>>
>>
>I know. but hiding them doesn't make them any better..
>
Actuall, yes it does, and that is the point. You don't have to like
SELinux's system calls, or any other module's syscalls. The whole point
of LSM was to decouple security design from the Linux kernel development.
There are a butt-load of different access control models, and many of
them are not compatible with one another. You wouldn't want to support
them all--that would be serious bloat. So instead, LSM lets each user
choose the model that suits them:
* server users can choose a highly secure model
* workstation users can choose something desktop oriented
* embedded people can choose nothing at all, or the specific
narrow-cast model that they need
On the other hand: what is the big cost here? One system call. Isn't
that actually *lower* overhead than the (say) half dozen
security-oriented syscalls we might convince you to accept if we drop
the sys_security syscall as you suggest? Why the fierce desire to remove
something so cheap?
Crispin
-- Crispin Cowan, Ph.D. Chief Scientist, WireX http://wirex.com/~crispin/ Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Oct 23 2002 - 22:00:40 EST