From mboxrd@z Thu Jan 1 00:00:00 1970 From: Casey Schaufler Subject: Re: [TOMOYO #7 30/30] Hooks for SAKURA and TOMOYO. Date: Mon, 7 Apr 2008 15:57:16 -0700 (PDT) Message-ID: <312131.8802.qm@web36601.mail.mud.yahoo.com> References: <200804071140.59247.paul.moore@hp.com> Reply-To: casey@schaufler-ca.com Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7BIT Cc: akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, Kentaro Takeda , Toshiharu Harada , linux-fsdevel , linux-netdev To: Paul Moore , Tetsuo Handa Return-path: Received: from web36601.mail.mud.yahoo.com ([209.191.85.18]:29998 "HELO web36601.mail.mud.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S1758610AbYDGW5V (ORCPT ); Mon, 7 Apr 2008 18:57:21 -0400 In-Reply-To: <200804071140.59247.paul.moore@hp.com> Sender: linux-fsdevel-owner@vger.kernel.org List-ID: --- Paul Moore wrote: > On Friday 04 April 2008 8:23:12 am Tetsuo Handa wrote: > > This file contains modifications against kernel source code > > needed to use TOMOYO Linux 1.6. > > > > Although LSM hooks are provided for performing access control, > > TOMOYO Linux 1.6 doesn't use LSM because of the following reasons. > > Hello, > > I understand your frustration with the existing LSM hooks/API and your > reasoning for abandoning LSM in favor of a new set of hooks, however, I > think this sets a dangerous precedence which could result in an > abundance of security related hooks scattered throughout the kernel. I > would much rather see the LSM API extended/tweaked to support the needs > of SAKURA and TOMOYO than ignored and duplicated; I suspect several > others will say the same. The same. Casey Schaufler casey@schaufler-ca.com