|| ||James Morris <jmorris-AT-redhat.com>|
|| ||Chris Wright <chrisw-AT-osdl.org>|
|| ||Re: [RFC] [PATCH] [0/6] LSM Stacking|
|| ||Thu, 4 Nov 2004 21:16:25 -0500 (EST)|
|| ||"Serge E. Hallyn" <serue-AT-us.ibm.com>, Andrew Morton <akpm-AT-osdl.org>,
lkml <linux-kernel-AT-vger.kernel.org>, Stephen Smalley <sds-AT-epoch.ncsc.mil>|
On Thu, 4 Nov 2004, Chris Wright wrote:
> Understood, although I don't think you'll get SELinux folks to agree
> that it could be useful in conjuction with other modules like that.
SELinux folks have differing opinions. Security module stacking would
obviously be useful for research & development, but there is a question in
my mind of whether this is justification enough for the feature in a
If it turns out to be generally useful to stack some security modules,
then it might be better to incorporate their functionality into SELinux
(or some other single module) so that policy and configuration can be
managed and analyzed under one system.
Something to keep in mind is that SELinux is a generic access control
framework specifically designed to allow flexible composition of different
security models under a centralized security policy.
LSM is a useful framework for implementing different security _systems_,
but I don't think it's suitable for composition of security models.
That's what SELinux is for.
> The real bottom line is that it can't slow anything down for the single
> module case.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to email@example.com
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
to post comments)