From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262694AbTDUXcJ (ORCPT ); Mon, 21 Apr 2003 19:32:09 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262700AbTDUXcI (ORCPT ); Mon, 21 Apr 2003 19:32:08 -0400 Received: from cerebus.wirex.com ([65.102.14.138]:50927 "EHLO figure1.int.wirex.com") by vger.kernel.org with ESMTP id S262694AbTDUXcI (ORCPT ); Mon, 21 Apr 2003 19:32:08 -0400 Date: Mon, 21 Apr 2003 16:39:41 -0700 From: Chris Wright To: Grzegorz Jaskiewicz Cc: Chris Wright , lkml Subject: Re: grsecurity in 2.5? Message-ID: <20030421163941.E11886@figure1.int.wirex.com> Mail-Followup-To: Grzegorz Jaskiewicz , Chris Wright , lkml References: <20030421212501.GA30266@kroah.com> <20030421143849.A11883@figure1.int.wirex.com> <1050968186.3065.16.camel@flat41> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <1050968186.3065.16.camel@flat41>; from gj@pointblue.com.pl on Tue, Apr 22, 2003 at 12:36:26AM +0100 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org * Grzegorz Jaskiewicz (gj@pointblue.com.pl) wrote: > Maybe we should start to bring them piece by piece, fe. PaX first and > others. PaX is an example of something that won't port to LSM. The grsecurity MAC, RBAC, chroot restrictions, TPE are the types of things that would port nicely. > Question is not that will somebody do that, i am sure of that - grsec is > needed in 2.4 - and it will be needed in 2.6. Question is, if it will be > included in mainstream kernel release ? I don't expect to see it in 2.6 mainline at all. The patch could be reduced if some of the core access control logic was placed in an LSM. thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net