From: magniett <Frederic.Magniette@lri.fr>
To: "Makan Pourzandi (LMC)" <Makan.Pourzandi@ericsson.ca>
Cc: "'Christoph Hellwig'" <hch@infradead.org>,
"Stephen D. Smalley" <sds@epoch.ncsc.mil>,
greg@kroah.com, torvalds@transmeta.com,
linux-security-module@wirex.com, linux-kernel@vger.kernel.org
Subject: Re: [BK PATCH] LSM changes for 2.5.59
Date: Wed, 12 Feb 2003 19:11:09 +0000 [thread overview]
Message-ID: <3E4A9C4D.F580576E@lri.fr> (raw)
In-Reply-To: 7B2A7784F4B7F0409947481F3F3FEF8305CC954F@eammlex037.lmc.ericsson.se
"Makan Pourzandi (LMC)" a écrit :
> > > > I'm very serious about submitting a patch to Linus to
> > remove all hooks not
> > > > used by any intree module once 2.6.0-test.
> > >
> > > Any idea on how much time that gives us (to rework SELinux
> > and submit
> > > it)?
> >
>
> Further more, I believe that LSM encourages the developers in the community to take initiatives related to security in Linux. This way, it helps developing different security approaches. This at the end, even if we choose to go with only one approach and drop others, will help the diversity of existing solutions and the possibility of choosing among a set of solutions (hopefully the best one will be chosen). IMHO, to let people be able to come up with different security approaches, we have
> to let LSM be part of the kernel in order to encourage people to
> develop their approach.
>
> That was my 2 cents.
>
> Regards,
> Makan Pourzandi
Hi,
I'm the leader of a project, developping a sandbox (processes confinement environment) for Linux based on LSM.
Our approach is dedicated for peer-to-peer global computing environments. I totally agree with Makan about the
diversity of developpement : we dont have the same goals than SELinux. The LSM project followed two phases :
in a first one, everybody was thinking about what could be good to integrate in LSM and now (the second phase),
a few people think about what they can remove because they dont use it. We need a flexible and reasonably complete
framework to implement solutions. I recall that it was the original request from Linus : a generic framework to decide
which kind of security solutions are the best. If LSM fits only one or two policy requirements, the choice does not
exist. For finishing : PLEASE, stop reducing LSM possibilities : it cost a lot to develop things for a hook and then
redevelopping it for a classical syscall interposition.
bests
Frédéric Magniette (University of Orsay/CNRS)
next prev parent reply other threads:[~2003-02-12 18:24 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-02-12 16:58 [BK PATCH] LSM changes for 2.5.59 Makan Pourzandi (LMC)
2003-02-12 18:45 ` 'Christoph Hellwig'
2003-02-12 19:11 ` magniett [this message]
2003-02-12 18:38 ` 'Christoph Hellwig'
2003-02-12 22:22 ` Crispin Cowan
2003-02-12 23:05 ` What went wrong with LSM, was: " 'Christoph Hellwig'
2003-02-12 23:24 ` Jesse Pollard
2003-02-13 1:02 ` James Morris
2003-02-13 4:19 ` Crispin Cowan
[not found] ` <mailman.1045110181.1643.linux-kernel2news@redhat.com>
2003-02-13 5:12 ` Pete Zaitcev
2003-02-13 6:52 ` Crispin Cowan
2003-02-13 1:56 ` Casey Schaufler
2003-02-13 4:37 ` Crispin Cowan
-- strict thread matches above, loose matches on Subject: below --
2003-02-13 4:08 Mika Kukkonen
2003-02-12 15:37 Pete Loscocco
[not found] <b28k4f$hp4$1@abraham.cs.berkeley.edu>
2003-02-12 8:27 ` LA Walsh
2003-02-10 19:57 Stephen D. Smalley
2003-02-10 22:38 ` LA Walsh
2003-02-10 16:55 Stephen D. Smalley
2003-02-11 8:05 ` Christoph Hellwig
2003-02-13 11:08 ` Chris Wright
2003-02-06 15:02 Stephen D. Smalley
2003-02-06 15:18 ` Christoph Hellwig
2003-02-06 17:16 ` David Wagner
2003-02-06 17:45 ` Christoph Hellwig
2003-02-06 17:51 ` Alan Cox
2003-02-08 2:20 ` jmjones
2003-02-08 4:13 ` Miles Bader
2003-02-09 20:06 ` Christoph Hellwig
2003-02-10 1:39 ` Crispin Cowan
2003-02-10 3:02 ` LA Walsh
2003-02-10 3:40 ` Crispin Cowan
2003-02-10 7:34 ` LA Walsh
2003-02-10 8:11 ` Chris Wright
2003-02-10 8:21 ` 'Christoph Hellwig'
2003-02-10 8:33 ` Crispin Cowan
2003-02-10 8:39 ` 'Christoph Hellwig'
2003-02-10 13:31 ` Alan Cox
2003-02-10 17:29 ` Casey Schaufler
2003-02-10 20:51 ` LA Walsh
2003-02-10 21:36 ` David Wagner
2003-02-10 22:14 ` Bill Davidsen
2003-02-11 1:35 ` Dave Jones
2003-02-11 19:44 ` Bill Davidsen
2003-02-10 4:06 ` J Sloan
2003-02-10 5:59 ` David Wagner
2003-02-10 7:31 ` Christoph Hellwig
2003-02-05 16:59 Stephen D. Smalley
2003-02-05 16:47 Stephen D. Smalley
2003-02-05 16:49 ` Christoph Hellwig
2003-02-05 22:07 ` Greg KH
2003-02-05 22:30 ` Christoph Hellwig
2003-02-05 22:39 ` Russell Coker
2003-02-05 22:41 ` Christoph Hellwig
2003-02-05 15:00 Stephen D. Smalley
2003-02-05 15:34 ` Christoph Hellwig
2003-02-05 16:26 ` Mark Hahn
2003-02-05 13:45 Stephen D. Smalley
2003-02-05 14:13 ` Christoph Hellwig
2003-02-05 4:15 Greg KH
2003-02-05 8:47 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3E4A9C4D.F580576E@lri.fr \
--to=frederic.magniette@lri.fr \
--cc=Makan.Pourzandi@ericsson.ca \
--cc=greg@kroah.com \
--cc=hch@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@wirex.com \
--cc=sds@epoch.ncsc.mil \
--cc=torvalds@transmeta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox