From: Christoph Hellwig <hch@infradead.org>
To: "Stephen D. Smalley" <sds@epoch.ncsc.mil>
Cc: greg@kroah.com, torvalds@transmeta.com,
linux-security-module@wirex.com, linux-kernel@vger.kernel.org
Subject: Re: [BK PATCH] LSM changes for 2.5.59
Date: Thu, 6 Feb 2003 15:18:20 +0000 [thread overview]
Message-ID: <20030206151820.A11019@infradead.org> (raw)
In-Reply-To: <200302061502.KAA06538@moss-shockers.ncsc.mil>; from sds@epoch.ncsc.mil on Thu, Feb 06, 2003 at 10:02:37AM -0500
On Thu, Feb 06, 2003 at 10:02:37AM -0500, Stephen D. Smalley wrote:
> The capabilities module is one example, albeit a limited one. As for
> modules like SELinux, it seems better to wait until all of the
> necessary hooks have either been accepted or definitively rejected
> before submitting an adapted form of the module for mainline. After
> this set of changes, the only thing remaining is the networking hooks,
> which have already gone through a feedback cycle with the networking
> maintainers and are being pruned and revised accordingly.
Well, selinux is still far from a mergeable shape and even needed additional
patches to the LSM tree last time I checked. This think of submitting hooks
for code that obviously isn't even intende to be merged in mainline is what
I really dislike, and it's the root for many problems with LSM.
There has been a history in Linux to only implement what actually needed
now instead of "clever" overdesigns that intend to look into the future,
LSM is a gross voilation of that principle. Just look at the modules in
the LSM source tree: the only full featured security policy in addition
to the traditional Linux model is LSM, all the other stuff is just some
additionl checks here and there.
I'm very serious about submitting a patch to Linus to remove all hooks not
used by any intree module once 2.6.0-test.
Life would be a lot simpler if you got the core flask engine in a mergeable
shapre earlier and we could have merged the hooks for actually using it
incrementally during 2.5, discussing the pros and contras for each hook
given an actual example - but the current way of adding extremly generic
hooks (despite the naming they are in no ways tied to enforcing security
models at all) without showing and discussing the code behind them simply
makes that impossible.
So yes, my suggestion is to backout the whole LSM mess for 2.6, merge
a sample policy core (i.e. a cleaned up flask/selinux) in 2.7.<early> and
then add one hook after another and discussing the architecture openly
where it belongs (here on lkml!).
next prev parent reply other threads:[~2003-02-06 15:08 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-02-06 15:02 [BK PATCH] LSM changes for 2.5.59 Stephen D. Smalley
2003-02-06 15:18 ` Christoph Hellwig [this message]
2003-02-06 17:16 ` David Wagner
2003-02-06 17:45 ` Christoph Hellwig
2003-02-06 17:51 ` Alan Cox
2003-02-08 2:20 ` jmjones
2003-02-08 4:13 ` Miles Bader
2003-02-09 20:06 ` Christoph Hellwig
2003-02-10 1:39 ` Crispin Cowan
2003-02-10 3:02 ` LA Walsh
2003-02-10 3:40 ` Crispin Cowan
2003-02-10 7:34 ` LA Walsh
2003-02-10 8:11 ` Chris Wright
2003-02-10 8:21 ` 'Christoph Hellwig'
2003-02-10 8:33 ` Crispin Cowan
2003-02-10 8:39 ` 'Christoph Hellwig'
2003-02-10 13:31 ` Alan Cox
2003-02-10 17:29 ` Casey Schaufler
2003-02-12 8:12 ` side issues of baloney with that ham...(was LSM changes for 2.5.59) LA Walsh
2003-02-10 20:51 ` [BK PATCH] LSM changes for 2.5.59 LA Walsh
2003-02-10 21:36 ` David Wagner
2003-02-10 22:14 ` Bill Davidsen
2003-02-11 1:35 ` Dave Jones
2003-02-11 13:59 ` the modules problems Roman Zippel
2003-02-11 19:44 ` [BK PATCH] LSM changes for 2.5.59 Bill Davidsen
2003-02-10 4:06 ` J Sloan
2003-02-10 5:59 ` David Wagner
2003-02-10 7:31 ` Christoph Hellwig
-- strict thread matches above, loose matches on Subject: below --
2003-02-13 4:08 Mika Kukkonen
2003-02-12 16:58 Makan Pourzandi (LMC)
2003-02-12 18:45 ` 'Christoph Hellwig'
2003-02-12 19:11 ` magniett
2003-02-12 18:38 ` 'Christoph Hellwig'
2003-02-12 22:22 ` Crispin Cowan
2003-02-12 15:37 Pete Loscocco
[not found] <b28k4f$hp4$1@abraham.cs.berkeley.edu>
2003-02-12 8:27 ` LA Walsh
2003-02-10 19:57 Stephen D. Smalley
2003-02-10 22:38 ` LA Walsh
2003-02-10 16:55 Stephen D. Smalley
2003-02-11 8:05 ` Christoph Hellwig
2003-02-13 11:08 ` Chris Wright
2003-02-05 16:59 Stephen D. Smalley
2003-02-05 16:47 Stephen D. Smalley
2003-02-05 16:49 ` Christoph Hellwig
2003-02-05 22:07 ` Greg KH
2003-02-05 22:30 ` Christoph Hellwig
2003-02-05 22:39 ` Russell Coker
2003-02-05 22:41 ` Christoph Hellwig
2003-02-05 15:00 Stephen D. Smalley
2003-02-05 15:34 ` Christoph Hellwig
2003-02-05 16:26 ` Mark Hahn
2003-02-05 13:45 Stephen D. Smalley
2003-02-05 14:13 ` Christoph Hellwig
2003-02-05 4:15 Greg KH
2003-02-05 8:47 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030206151820.A11019@infradead.org \
--to=hch@infradead.org \
--cc=greg@kroah.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@wirex.com \
--cc=sds@epoch.ncsc.mil \
--cc=torvalds@transmeta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox