LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

The future of the Linux Security Module API

The future of the Linux Security Module API

Posted Apr 20, 2006 12:22 UTC (Thu) by nix (subscriber, #2304)
Parent article: The future of the Linux Security Module API

Another LSM user is digsig, found at <http://disec.sf.net/>.

There seem to be quite a lot of LSM users: it's just that nobody submits them to the kernel, because they've seen what happens when anyone tries: a bunch of SELinux hackers pop up and say 'oh it sucks because you can do it with SELinux in {fiendishly complex way}.'

The latest victim of this is, as you said, AppArmor...

(Log in to post comments)

The future of the Linux Security Module API

Posted Apr 20, 2006 13:43 UTC (Thu) by jamesm (guest, #2273) [Link]

This is a misrepresentation of the upstream review process, which will naturally include a challenge as to why a new patch should be accepted into the kernel, particularly if it is duplicating a subset or near-subset of existing code.

No SELinux developer has ever just said "it sucks", but instead would have probably spent a considerable amount of time reviewing the code and then posting a detailed response. It is very often the case that there are serious implementation and design flaws in submissions to the kernel. In the case of LSM in particular, the API has problems which foster the development of modules which are not appropriate as LSMs, and would often be better implemented as distinct kernel components to be called by other LSMs, or simply integrated into what was then the only significant LSM in the tree.

The future of the Linux Security Module API

Posted Apr 20, 2006 19:30 UTC (Thu) by hingo (guest, #14792) [Link]

So you are saying that according to the upstream review process, you cannot get another LSM user included if it does roughly the same thing as SELinux or a subset of it and also that if SELinux is the only LSM user in the kernel mainline it will be removed... nice logic.

(Nothing personal, I just realised that what you described might actually be close to reality.)

The future of the Linux Security Module API

Posted Apr 20, 2006 19:41 UTC (Thu) by jamesm (guest, #2273) [Link]

No, I am not saying that.

All code being submitted to the mainline kernel needs to be reviewed and justified before acceptance. One of the challenges is to demonstrate why the new code is needed, which reasonably includes asking things like "why partially duplicate something which is already there?"

The future of the Linux Security Module API

Posted Apr 20, 2006 20:55 UTC (Thu) by nix (subscriber, #2304) [Link]

You're right, that was a misremembering on my part. The SELinux developers didn't say it sucks.

Christoph Hellwig did (actually he called it bullshit).

(Mind you, he seems to be trying for the Al Viro Insult Award, although he seems to have missed the bit in the rulebook that says that the insults have to be *unusual*; insults in obscure dialects or dead languages gain extra credit. The ideal insult is one so obscure that the recipient doesn't have a clue he's been insulted, but clear enough that everyone else on the list knows perfectly well.)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds