Re: Out of tree module using LSM
From: Crispin Cowan
Date: Fri Nov 30 2007 - 15:52:32 EST
Tvrtko A. Ursulin wrote:
> During one recent LKML discussion
> (http://marc.info/?l=linux-kernel&m=119267398722085&w=2) about
> LSM going
> static you called for LSM users to speak up.
Great big clue: If "LSM" is in the subject line, then cc: the LSM list
linux-security-module@xxxxxxxxxxxxxxx
For LSM readers seeing this for the first time, the thread starts here
and goes for a while http://lkml.org/lkml/2007/11/28/106
I'm sympathetic to the desire to be able to provide a 3rd party LSM that
end users can install on their systems. That is why I advocated for
keeping the dynamic LSM interface. Getting the dynamic interface
restored faces a lot of challenges, but I hope that some kind of
solution can be found, because the alternative is to effectively force
vendors like Sophos to do it the "dirty" way by fishing in memory for
the syscall table. I would much rather that Linux offers you a way to do
what you need to do than force you to do nasty things.
Crispin
--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin
CEO, Mercenary Linux http://mercenarylinux.com/
Itanium. Vista. GPLv3. Complexity at work
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/