Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)

[Serge E. Hallyn]

Quoting Alan Cox (alan@xxxxxxxxxxxxxxxxxxx):
> Thus this sort of stuff needs to be taken seriously. Can SuSE provide a
> good reliable policy for AppArmour to people, can Red Hat do the same
> with SELinux ?

That's a little more than half the question.  The other 40% is can users
write good policies.

I think it will, and already has, become easier for selinux.  But in
this case I wonder whether some sort of contest could be beneficial.  We
all know of Russel Coker's open root selinux play machines.  That's a
powerful statement.  Things I'd like to see in addition are

	a. a similar setup with apparmour
	b. a similar setup where "mere mortals" set up the selinux policy

For the first few rounds, rather than judge one way or the other, we
could hopefully publish the results in a way to encourage a flurry of
selinux policy tools - one of which may actually be useful.

Given that AA is a 'targeted' type of setup, I guess it would need to
have a strict sshd policy, and the game would be whether the policy can
keep anyone with the root password from escaping the policy.

> Note I don't care about whether apparmour is integrated. If the code is
> good and it can be shown it works then fine.

thanks,
-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/