Re: Linux Security Module Framework (Was: LSM conversion to static interface)

From: Casey Schaufler
Date: Wed Oct 24 2007 - 21:03:50 EST

Next message: Andrew Morton: "Re: [patch 1/5] wait: use lock bitops for __wait_on_bit_lock"
Previous message: Jeff Dike: "Re: [uml-devel] User Mode Linux still doesn't build in 2.6.23-final."
In reply to: Linus Torvalds: "Re: Linux Security *Module* Framework (Was: LSM conversion to staticinterface)"
Next in thread: Chris Wright: "Re: Linux Security *Module* Framework (Was: LSM conversion tostatic interface)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--- Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:

>
>
> On Thu, 25 Oct 2007, Adrian Bunk wrote:
> >
> > What I'm giving you is "Linus has decreed there can be LSMs other than
> > SELinux."
> >
> > Getting LSMs included should no longer be harder than for other
> > parts of the kernel.
>
> Well, despite my heart-felt feelings that we should support different
> people in trying out different things, one of the issues is also that I'm
> obviously not myself a security person. I can "decree" all I want, but in
> the end, I really want the people *involved* to merge security stuff.
>
> Right now Chris Wrigt is the documented maintainer for LSM, and quite
> frankly, I do not want to take it over. I really really really hope that
> people that are interested in security can work this thing out, and my
> only requirement is that it doesn't end up being any kind of force-feeding
> of opinions and ideas, since clearly there is tons of room for
> disagreement in the area..
>
> Do other people want to stand up and be "LSM maintainers" in the sense
> that they also end up being informed members who can also stand up for new
> modules and help merge them, rather than just push the existing one(s)?
> Chris? Casey? Crispin?

Count me in.

> [ Ie there's the "core LSM hooks" on one side, but there's also the "what
> modules make any sense at all to merge?" on the other, and I really
> don't have the expertise to make any sensible judgements except for the
> pure "process" judgement that we should not hardcode things to just one
> module! ]
>
> Linus
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
>
>

Casey Schaufler
casey@xxxxxxxxxxxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: [patch 1/5] wait: use lock bitops for __wait_on_bit_lock"
Previous message: Jeff Dike: "Re: [uml-devel] User Mode Linux still doesn't build in 2.6.23-final."
In reply to: Linus Torvalds: "Re: Linux Security *Module* Framework (Was: LSM conversion to staticinterface)"
Next in thread: Chris Wright: "Re: Linux Security *Module* Framework (Was: LSM conversion tostatic interface)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

Re: Linux Security Module Framework (Was: LSM conversion to static interface)