Re: Last question on rm -f unused_hooks*

From:  Greg KH <greg@kroah.com>
To:  Demetrios Lambrou <dlambrou@crazylinux.net>
Subject:  Re: Last question on rm -f unused_hooks*
Date:  Tue, 1 Oct 2002 09:38:14 -0700
Cc:  linux-security-module@wirex.com

On Tue, Oct 01, 2002 at 06:09:47AM -0400, Demetrios Lambrou wrote:
> 
> So you are saying that frequent changes to the base kernel (once LSM becomes
> part of the mainstream kernel) are ok and that Linus would be happy to have 
> new hooks added, whenever there is a person that has a new LSM idea.

I do not speak for Linus, so I do not know.

> But he is not happy with the idea that there would be some hooks that
> are not used at the time of the merge. Maybe the LSM people should
> give it some more time before cutting out hooks.

I am not happy with the idea that there would be hooks in the kernel
that are not being used.  That's not the Linux way.  If the code isn't
being used, it's removed.  I do not expect to ask anyone to try to
maintain the presence of a hook that is not being used.

And personally, I will not ask Linus to accept a patch for a hook that
is not being used.  If you have a problem with my decision about this,
and think you can make a convincing argument to the upstream maintainer
of the specific piece of code where that hook lives, by all means,
please do.

> Why don't you keep it simple and stick to the original LSM design?

That sounds simple to me.  And what design rules am I breaking with this
statement?

> If you really think that some hooks should not be there, publish a new
> paper called the "New LSM framework" and then change the framework.

Hm, a bit touchy aren't we?  :)

Seriously, we are still mediating access to kernel objects, just like
the original design.  I don't see how getting rid of the module_* hooks
means we have a "whole brand new LSM framework" to deal with.

> The original paper is getting a bit out of date now. The framework is
> drifting slowly from truly generic to 5 or so existing LSMs specific.

Patches gladly accepted.  As all we have to work with is 5 or so
existing chunks of code that actually _use_ this framework, I don't know
what else we can use.

If you have an LSM module that needs one of the hooks that we are
proposing removing, speak up!

thanks,

greg k-h
_______________________________________________
linux-security-module mailing list
linux-security-module@wirex.com
http://mail.wirex.com/mailman/listinfo/linux-security-module



Copyright © 2002, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds