Re: [PATCH try #3] security: Convert LSM into a static interface

From: Scott Preece
Date: Thu Jul 19 2007 - 08:57:24 EST


On 7/19/07, James Morris <jmorris@xxxxxxxxx> wrote:
On Thu, 19 Jul 2007, Serge E. Hallyn wrote:

> If we could get a few (non-afilliated :) people who work with
> customers in the security field to tell us whether this is being
> used, that would be very helpful. Not sure how to get that.

The mainline kernel does not cater to out of tree code.

Please distinguish between "cater to" and "support". If the kernel
didn't worry about supporting out-of-tree code, then why would there
be loadable module at all?

Christian Ehrhardt already pointed to two reasons for loadable LSMs
that are sufficient to justify keeping them - so you can replace them
iteratively while you're developing them or choose between
alternatives.

Another twist is to use a tool to generate the module from a
policy-definition file; this could be done at boot-time or could be
done to replace the current policy on a running system (perhaps to add
a new domain corresponding to a newly added service). Yes, this would
need to be done with a lot of care, but part of providing mechanism
(rather than policy) is enabling people to use the mechanism in the
ways they prefer.

scott
--
scott preece
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/