Re: security patches / lsm

[Chris Wright]

* Nico Schottelius (nico-kernel@xxxxxxxxxxxxxxx) wrote:
> Sorry for the late answer!
> 
> For me it looks like rsbac and grsecurity could get included in 2.6.
> 
> It looks like Amon did the work necessary to intergrate it into 2.6.
> (have a look at http://www.rsbac.org/).
> 
> And grsecurity also works nice with 2.6
> (http://www.grsecurity.net/download.php).
> 
> Who decides whether to integrate them or not?

Ultimately, that's Linus, often with some input from the rest of
the community.  Look, it's very simple.  Create patches, submit for
public review, update according to feedback, resubmit, etc.  The main
problem here is the patches above are invasive and considering where
we are in the 2.6 series (read: concerned utmost about stability) large
invasive patches aren't appropriate.  Further, there's an infrastructure
designed to support some of the features in the above patchsets, LSM.
And the idle complaints that it's inadequate without engaging in dialog
or supplying patches don't work very far towards a solution.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/