The future of the Linux Security Module API
Posted Apr 20, 2006 13:43 UTC (Thu) by jamesm
In reply to: The future of the Linux Security Module API
Parent article: The future of the Linux Security Module API
This is a misrepresentation of the upstream review process, which will naturally include a challenge as to why a new patch should be accepted into the kernel, particularly if it is duplicating a subset or near-subset of existing code.
No SELinux developer has ever just said "it sucks", but instead would have probably spent a considerable amount of time reviewing the code and then posting a detailed response. It is very often the case that there are serious implementation and design flaws in submissions to the kernel. In the case of LSM in particular, the API has problems which foster the development of modules which are not appropriate as LSMs, and would often be better implemented as distinct kernel components to be called by other LSMs, or simply integrated into what was then the only significant LSM in the tree.
to post comments)