Re: LSM conversion to static interface

From: Avi Kivity
Date: Mon Oct 22 2007 - 13:48:33 EST


Greg KH wrote:
On Sun, Oct 21, 2007 at 07:24:42PM -0700, Thomas Fricaccia wrote:
Yes, I think Crispin has succinctly summed it up: irrevocably closing
the LSM prevents commercial customers from using security modules other
than that provided by their Linux distributor.

Any "customer" using a security model other than provided by their Linux
distributor instantly voided all support from that distro by doing that.

So, since the support is gone, they can easily build their own kernels,
with their own LSM interfaces, and get the exact same lack of support :)


Running a vendor kernel has the advantage of reusing all the QA work that has gone into that kernel. It is very different from running 2.6.24-rc1 (or 2.6.22.x). Hence projects like centos: you don't get any support, but the likelihood of actually requiring support is lower than running some random kernel.

[but I agree that someone who has somehow determined that they need a specific LSM will probably have determined that they need vendor support as well]

--
error compiling committee.c: too many arguments to function

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/