Re: [PATCH try #2] security: Convert LSM into a static interface
From: James Morris
Date: Mon Jun 25 2007 - 17:14:41 EST
On Mon, 25 Jun 2007, Andreas Gruenbacher wrote:
> It's useful for some LSMs to be modular, and LSMs which are y/n options won't
> have any security architecture issues with unloading at all.
Which LSMs? Upstream, there are SELinux and capabilty, and they're not
safe as loadable modules.
> The mere fact
> that SELinux cannot be built as a module is a rather weak argument for
> disabling LSM modules as a whole, so please don't.
That's not the argument. Please review the thread.
- James
--
James Morris
<jmorris@xxxxxxxxx>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/