1 |
Mark Knecht posted |
2 |
<5bdc1c8b0604232127m36e41816hd387e5da9e620d3e@××××××××××.com>, excerpted |
3 |
below, on Sun, 23 Apr 2006 21:27:17 -0700: |
4 |
|
5 |
> Just keep in mind that LSM **IS** going away. It's not an IF, it's a |
6 |
> WHEN. |
7 |
|
8 |
?? LSM -- the kernel Linux Security Module framework, or realtime-lsm (as |
9 |
your previous post implied) specifically? |
10 |
|
11 |
As far as I was aware, there had been discussions of eliminating the LSM |
12 |
plugin framework entirely, if nothing else was merged into mainline that |
13 |
used it. I believe the traditional capabilities module was the only thing |
14 |
in mainline that really used it. (The other option there, BSD security |
15 |
levels, was apparently only using it as a convenience, but could just as |
16 |
easily do without. The rootplug module was a simple coding sample, little |
17 |
more.) |
18 |
|
19 |
However, I had believed the discussion had been shelved, after putting |
20 |
people on notice that LSM /might/ be removed, until some later date, |
21 |
giving folks time in the meantime to propose additional plugins and make |
22 |
their case for inclusion in mainline. (The idea being that if it's not in |
23 |
mainline, it's a patch anyway, and they might as well patch the |
24 |
functionality now being maintained with LSM into it at the same time, if |
25 |
they use it.) |
26 |
|
27 |
Looking at the config for 2.6.17-rc2, I see socket and networking security |
28 |
hooks as another option under LSM, which I don't remember from before. |
29 |
Perhaps this has been added as a result of the previous discussion. |
30 |
|
31 |
Anyway, to say that LSM IS going away, WHEN, not IF, is a significantly |
32 |
stronger statement than I had yet seen. Thus, clarification is needed. |
33 |
Are/were you just referring to realtime-lsm, as your previous post |
34 |
implied, and you just mis-typed here, or is there a definitive LSM IS |
35 |
going away, that I wasn't aware of? As far as I knew, it was an open |
36 |
question, and indeed, as much designed to try to get folks to push their |
37 |
LSM modules (of which there were several outside of mainline) into |
38 |
mainline, as it was a question of killing mainline LSM entirely. A |
39 |
strong statement such as the above needs stronger than average support, |
40 |
references and/or at least supporting background information. |
41 |
|
42 |
So... spill the beans! =8^) |
43 |
|
44 |
-- |
45 |
Duncan - List replies preferred. No HTML msgs. |
46 |
"Every nonfree program has a lord, a master -- |
47 |
and if you use the program, he is your master." Richard Stallman in |
48 |
http://www.linuxdevcenter.com/pub/a/linux/2004/12/22/rms_interview.html |
49 |
|
50 |
|
51 |
-- |
52 |
gentoo-amd64@g.o mailing list |