From: Christoph Hellwig <hch@infradead.org>
To: "Stephen D. Smalley" <sds@epoch.ncsc.mil>
Cc: greg@kroah.com, torvalds@transmeta.com,
linux-security-module@wirex.com, linux-kernel@vger.kernel.org
Subject: Re: [BK PATCH] LSM changes for 2.5.59
Date: Wed, 5 Feb 2003 16:49:48 +0000
Message-ID: <20030205164948.A22628@infradead.org>
In-Reply-To: <200302051647.LAA05940@moss-shockers.ncsc.mil>; from sds@epoch.ncsc.mil on Wed, Feb 05, 2003 at 11:47:05AM -0500

On Wed, Feb 05, 2003 at 11:47:05AM -0500, Stephen D. Smalley wrote:
> a classic kernel object (ctl_table) x operation interface, with the
> subject implicitly passed via current, just like permission() for
> inodes. A security module can leave the hook unimplemented (no
> restrictions beyond DAC), or implement a purely process-based
> restriction or implement fine-grained controls to individual sysctls.
> Sysctls are already exposed to userspace via sysctl(2) and/or
> /proc/sys, so I'm not sure what the concern is there. Nothing
> complicated here.

The wrong thing here is that you pass in the object itself, not
its ACC-relevant attributes.

>
> As to your argument about LSM's flexibility, LSM simply followed the
> guidance on what would be accepted into 2.5. The original
> SELinux/Flask architecture was more tightly integrated and had
> well-defined boundaries while still providing substantial flexibility,
> but the response to the SELinux presentation was to move towards
> something more like LSM. Seems pointless to argue about it now, except
> as suggestions for future directions for LSM in 2.7.

No it seems not pointless. You add tons of undesigned cruft to 2.5 that
will have to be maintained through all of 2.6, unless Linus hopefully
pulls the plug soon enough. You still haven't even submitted a single
example that actually uses LSM into mainline.

Yes, I'm pissed that we get this crap all over the place, making code
harder to follow and that without any actual benefit to the mainline tree.
Please come up with something better for 2.7 and leave 2.5 alone, this will
help anyone.