|| ||James Morris <email@example.com>|
|| ||Christoph Hellwig <firstname.lastname@example.org>,
Andrew Morton <email@example.com>|
|| ||Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation
of LSM hooks)|
|| ||Mon, 17 Apr 2006 15:20:55 -0400 (EDT)|
|| ||Stephen Smalley <firstname.lastname@example.org>, T?r?k Edwin <email@example.com>,
firstname.lastname@example.org, Chris Wright <email@example.com>,
Linus Torvalds <firstname.lastname@example.org>|
On Mon, 17 Apr 2006, Christoph Hellwig wrote:
> > Or, better, remove LSM itself ;)
> Seriously that makes a lot of sense. All other modules people have come up
> with over the last years are irrelevant and/or broken by design.
It's been nearly a year since I proposed this, and we've not seen any
appropriate LSM modules submitted in that time.
The only reason I can see to not delete it immediately is to give BSD
secure levels users a heads-up, although I thought it was already slated
for removal. BSD secure levels is fundamentally broken and should
never have gone into mainline.
How about enough time to get us to 2.6.18, say, two months?
Signed-off-by: James Morris <email@example.com>
--- linux-2.6.17-rc1.o/Documentation/feature-removal-schedule.txt 2006-04-15 19:57:53.000000000
+++ linux-2.6.17-rc1.x/Documentation/feature-removal-schedule.txt 2006-04-17 15:18:15.000000000
@@ -246,3 +246,27 @@ Why: The interface no longer has any cal
Who: Nick Piggin <firstname.lastname@example.org>
+What: LSM (Linux Security Modules) including BSD Secure Levels.
+When: June 2006
+Why: In the years since LSM was included in the mainline kernel, SELinux
+ has been the only significant module implemented and also included
+ in the mainline kernel. So we have a generalized framework for
+ one user, SELinux, which itself is a generalized framework.
+ Thus, LSM will be removed, as it adds unecessary infrastructure,
+ performance overhead and complicates the code. It also attracts
+ a regular stream of misconceived and broken security module
+ submissions to mainline, such as BSD Security Levels, and
+ developers are seeing LSM as the answer to everything rather
+ than really thinking about what they need and how to architect
+ the code properly and generally. There is also a growing number
+ of proprietary modules hooking into LSM in usafe ways, not
+ necessarily even for security purposes. The LSM interface
+ semantics are too weak and such an API does not belong in the
+ mainline kernel.
+ See also, previous discussions on the issue:
+Who: James Morris <email@example.com>
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to firstname.lastname@example.org
More majordomo info at http://vger.kernel.org/majordomo-info.html