| 1 |
On 4/23/06, Duncan <1i5t5.duncan@×××.net> wrote: |
| 2 |
> Mark Knecht posted |
| 3 |
> <5bdc1c8b0604232127m36e41816hd387e5da9e620d3e@××××××××××.com>, excerpted |
| 4 |
> below, on Sun, 23 Apr 2006 21:27:17 -0700: |
| 5 |
> |
| 6 |
> > Just keep in mind that LSM **IS** going away. It's not an IF, it's a |
| 7 |
> > WHEN. |
| 8 |
> |
| 9 |
> ?? LSM -- the kernel Linux Security Module framework, or realtime-lsm (as |
| 10 |
> your previous post implied) specifically? |
| 11 |
> |
| 12 |
> As far as I was aware, there had been discussions of eliminating the LSM |
| 13 |
> plugin framework entirely, if nothing else was merged into mainline that |
| 14 |
> used it. I believe the traditional capabilities module was the only thing |
| 15 |
> in mainline that really used it. (The other option there, BSD security |
| 16 |
> levels, was apparently only using it as a convenience, but could just as |
| 17 |
> easily do without. The rootplug module was a simple coding sample, little |
| 18 |
> more.) |
| 19 |
> |
| 20 |
> However, I had believed the discussion had been shelved, after putting |
| 21 |
> people on notice that LSM /might/ be removed, until some later date, |
| 22 |
> giving folks time in the meantime to propose additional plugins and make |
| 23 |
> their case for inclusion in mainline. (The idea being that if it's not in |
| 24 |
> mainline, it's a patch anyway, and they might as well patch the |
| 25 |
> functionality now being maintained with LSM into it at the same time, if |
| 26 |
> they use it.) |
| 27 |
|
| 28 |
There have been a bunch of conversations on this subject last week on |
| 29 |
the LKML. As best I understand them it seem that everyone is pretty |
| 30 |
much in agreement that it's going away completely. the same things can |
| 31 |
be done with PAM so they see no reason to carry it forward. I don't |
| 32 |
know if it's going in 2.6.17 or 2.6.18 but it sounds like it will go |
| 33 |
soon. A few of the audio folks smarter than seem to agree. |
| 34 |
|
| 35 |
the issue we have here in Gentoo land is that the correct version of |
| 36 |
PAM is 0.80 or later and that has not been available in portage, |
| 37 |
althoough I see this morning a masked version of 0.99.3.0 so it looks |
| 38 |
like someone is starting to look after this... |
| 39 |
|
| 40 |
> |
| 41 |
> Looking at the config for 2.6.17-rc2, I see socket and networking security |
| 42 |
> hooks as another option under LSM, which I don't remember from before. |
| 43 |
> Perhaps this has been added as a result of the previous discussion. |
| 44 |
> |
| 45 |
> Anyway, to say that LSM IS going away, WHEN, not IF, is a significantly |
| 46 |
> stronger statement than I had yet seen. Thus, clarification is needed. |
| 47 |
> Are/were you just referring to realtime-lsm, as your previous post |
| 48 |
> implied, and you just mis-typed here, or is there a definitive LSM IS |
| 49 |
> going away, that I wasn't aware of? As far as I knew, it was an open |
| 50 |
> question, and indeed, as much designed to try to get folks to push their |
| 51 |
> LSM modules (of which there were several outside of mainline) into |
| 52 |
> mainline, as it was a question of killing mainline LSM entirely. A |
| 53 |
> strong statement such as the above needs stronger than average support, |
| 54 |
> references and/or at least supporting background information. |
| 55 |
> |
| 56 |
> So... spill the beans! =8^) |
| 57 |
|
| 58 |
Hope they are spilt correctly. |
| 59 |
|
| 60 |
- Mark |
| 61 |
> |
| 62 |
> -- |
| 63 |
> Duncan - List replies preferred. No HTML msgs. |
| 64 |
> "Every nonfree program has a lord, a master -- |
| 65 |
> and if you use the program, he is your master." Richard Stallman in |
| 66 |
> http://www.linuxdevcenter.com/pub/a/linux/2004/12/22/rms_interview.html |
| 67 |
> |
| 68 |
> |
| 69 |
> -- |
| 70 |
> gentoo-amd64@g.o mailing list |
| 71 |
> |
| 72 |
> |
| 73 |
|
| 74 |
-- |
| 75 |
gentoo-amd64@g.o mailing list |
Archives