Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)

From: Casey Schaufler
Date: Mon Apr 17 2006 - 19:26:29 EST




--- Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> wrote:

> You can implement a BSD securelevel model in SELinux
> as far as I can see
> from looking at it,

Well, to seriously mangle quotes,
you can implement any policy you want
with SELinux, so long as Tresys puts
it in.

> and do it better than the code today, so its not
> really a feature drop anyway just a migration away
> from some fossils

Dagnabbit, my scales are showing again.

And y'all are right, In tree users of LSM
are a might thin. Sounds as if those who
would use it need to push to get their code
accepted really hard. That means getting
past the inevitable arguement that "you can
do it with SELinux".


Casey Schaufler
casey@xxxxxxxxxxxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/