On 4/23/06, Duncan <1i5t5.duncan@×××.net> wrote:
> Mark Knecht posted
> <5bdc1c8b0604232127m36e41816hd387e5da9e620d3e@××××××××××.com>, excerpted
> below, on Sun, 23 Apr 2006 21:27:17 -0700:
>
> > Just keep in mind that LSM **IS** going away. It's not an IF, it's a
> > WHEN.
>
> ?? LSM -- the kernel Linux Security Module framework, or realtime-lsm (as
> your previous post implied) specifically?
>
> As far as I was aware, there had been discussions of eliminating the LSM
> plugin framework entirely, if nothing else was merged into mainline that
> used it. I believe the traditional capabilities module was the only thing
> in mainline that really used it. (The other option there, BSD security
> levels, was apparently only using it as a convenience, but could just as
> easily do without. The rootplug module was a simple coding sample, little
> more.)
>
> However, I had believed the discussion had been shelved, after putting
> people on notice that LSM /might/ be removed, until some later date,
> giving folks time in the meantime to propose additional plugins and make
> their case for inclusion in mainline. (The idea being that if it's not in
> mainline, it's a patch anyway, and they might as well patch the
> functionality now being maintained with LSM into it at the same time, if
> they use it.)

There have been a bunch of conversations on this subject last week on
the LKML. As best I understand them it seems that everyone is pretty
much in agreement that it's going away completely. The same things can
be done with PAM so they see no reason to carry it forward. I don't
know if it's going in 2.6.17 or 2.6.18 but it sounds like it will go
soon. A few of the audio folks smarter than seem to agree.

The issue we have here in Gentoo land is that the correct version of
PAM is 0.80 or later and that has not been available in portage,
although I see this morning a masked version of 0.99.3.0 so it looks
like someone is starting to look after this...

>
> Looking at the config for 2.6.17-rc2, I see socket and networking security
> hooks as another option under LSM, which I don't remember from before.
> Perhaps this has been added as a result of the previous discussion.
>
> Anyway, to say that LSM IS going away, WHEN, not IF, is a significantly
> stronger statement than I had yet seen. Thus, clarification is needed.
> Are/were you just referring to realtime-lsm, as your previous post
> implied, and you just mis-typed here, or is there a definitive LSM IS
> going away, that I wasn't aware of? As far as I knew, it was an open
> question, and indeed, as much designed to try to get folks to push their
> LSM modules (of which there were several outside of mainline) into
> mainline, as it was a question of killing mainline LSM entirely. A
> strong statement such as the above needs stronger than average support,
> references and/or at least supporting background information.
>
> So... spill the beans! =8^)

Hope they are spilt correctly.

- Mark

> --
> Duncan - List replies preferred. No HTML msgs.
> "Every nonfree program has a lord, a master --
> and if you use the program, he is your master." Richard Stallman in
> http://www.linuxdevcenter.com/pub/a/linux/2004/12/22/rms_interview.html
>
> --
> gentoo-amd64@g.o mailing list

--
gentoo-amd64@g.o mailing list