| 1 |
Mark Knecht posted |
| 2 |
<5bdc1c8b0604232127m36e41816hd387e5da9e620d3e@××××××××××.com>, excerpted |
| 3 |
below, on Sun, 23 Apr 2006 21:27:17 -0700: |
| 4 |
|
| 5 |
> Just keep in mind that LSM **IS** going away. It's not an IF, it's a |
| 6 |
> WHEN. |
| 7 |
|
| 8 |
?? LSM -- the kernel Linux Security Module framework, or realtime-lsm (as |
| 9 |
your previous post implied) specifically? |
| 10 |
|
| 11 |
As far as I was aware, there had been discussions of eliminating the LSM |
| 12 |
plugin framework entirely, if nothing else was merged into mainline that |
| 13 |
used it. I believe the traditional capabilities module was the only thing |
| 14 |
in mainline that really used it. (The other option there, BSD security |
| 15 |
levels, was apparently only using it as a convenience, but could just as |
| 16 |
easily do without. The rootplug module was a simple coding sample, little |
| 17 |
more.) |
| 18 |
|
| 19 |
However, I had believed the discussion had been shelved, after putting |
| 20 |
people on notice that LSM /might/ be removed, until some later date, |
| 21 |
giving folks time in the meantime to propose additional plugins and make |
| 22 |
their case for inclusion in mainline. (The idea being that if it's not in |
| 23 |
mainline, it's a patch anyway, and they might as well patch the |
| 24 |
functionality now being maintained with LSM into it at the same time, if |
| 25 |
they use it.) |
| 26 |
|
| 27 |
Looking at the config for 2.6.17-rc2, I see socket and networking security |
| 28 |
hooks as another option under LSM, which I don't remember from before. |
| 29 |
Perhaps this has been added as a result of the previous discussion. |
| 30 |
|
| 31 |
Anyway, to say that LSM IS going away, WHEN, not IF, is a significantly |
| 32 |
stronger statement than I had yet seen. Thus, clarification is needed. |
| 33 |
Are/were you just referring to realtime-lsm, as your previous post |
| 34 |
implied, and you just mis-typed here, or is there a definitive LSM IS |
| 35 |
going away, that I wasn't aware of? As far as I knew, it was an open |
| 36 |
question, and indeed, as much designed to try to get folks to push their |
| 37 |
LSM modules (of which there were several outside of mainline) into |
| 38 |
mainline, as it was a question of killing mainline LSM entirely. A |
| 39 |
strong statement such as the above needs stronger than average support, |
| 40 |
references and/or at least supporting background information. |
| 41 |
|
| 42 |
So... spill the beans! =8^) |
| 43 |
|
| 44 |
-- |
| 45 |
Duncan - List replies preferred. No HTML msgs. |
| 46 |
"Every nonfree program has a lord, a master -- |
| 47 |
and if you use the program, he is your master." Richard Stallman in |
| 48 |
http://www.linuxdevcenter.com/pub/a/linux/2004/12/22/rms_interview.html |
| 49 |
|
| 50 |
|
| 51 |
-- |
| 52 |
gentoo-amd64@g.o mailing list |
Archives