From: "Jack O'Quin" <jack.oquin@gmail.com>
To: Andrew Morton <akpm@osdl.org>
Cc: Christoph Hellwig <hch@infradead.org>,
linux-kernel@vger.kernel.org,
Paul Davis <paul@linuxaudiosystems.com>,
Con Kolivas <kernel@kolivas.org>,
rlrevell@joe-job.com, Chris Wright <chrisw@osdl.org>,
Ingo Molnar <mingo@elte.hu>
Subject: Re: 2.6.11-rc3-mm2
Date: Thu, 10 Feb 2005 14:51:44 -0600
Message-ID: <a075431a050210125145d51e8c@mail.gmail.com>

[direct reply bounced, resending via gmail]

Andrew Morton <akpm@osdl.org> writes:

> Christoph Hellwig <hch@infradead.org> wrote:
> >
> > On Thu, Feb 10, 2005 at 02:35:08AM -0800, Andrew Morton wrote:
> > >
> > >
> > > ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.11-rc3/2.6.11-rc3-mm2/
> > >
> > >
> > > - Added the mlock and !SCHED_OTHER Linux Security Module for the audio guys.
> > > It seems that nothing else is going to come along and this is completely
> > > encapsulated.
> >
> > Even if we accept a module that grants capabilities to groups this
> > isn't fine yet because it only supports two specific capabilities
> > (and even those two in different ways!) instead of adding generic
> > support to bind capabilities to groups.
>
> I'm sure that got discussed somewhere in the 1000 emails which flew past
> last time. Jack?

[adding cc: for the main discussion participants]

Most people felt that a more general capabilities module would be nice
to have. But, no one offered any code, or volunteered to work on it.
I have no objection to that approach, but am not willing or able to do
it myself. My opinion is that expanding the scope of the LSM would
significantly increase its security risk. That job needs to be done
very carefully, by someone with a deep understanding of the kernel's
internal use of capabilities.

Perhaps, Christoph's suggestion could become part of a more general
module, which might replace the RT-LSM in the 2.8 timeframe. Our LSM
is a modest solution aimed at solving the immediate needs of audio
developers and users with minimal impact on kernel security or
correctness.