Re: [PATCH] [request for inclusion] Realtime LSM

From: Chris Wright
Date: Fri Jan 07 2005 - 13:03:31 EST


* Paul Davis (paul@xxxxxxxxxxxxxxxxxxxxx) wrote:
> So, we have a few responses, some references to various potential
> solutions all of which have problems just as deep if not deeper than
> the uid/gid-based model that this particular LSM adopts. No proposal
> for any system that would actually work and address anyone's real
> needs in a useful way.

I don't think that's quite true. One repeated recommendation was to
simply generalize the idea so that it applies to all capabilities.
Another, which at this point appears quite workable, was Arjan's
recommendation to make scheduling policy/priority protected by an rlimit
(complicated only by representing the combinations sanely in a single
number).

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net