Re: [PATCH 1 of 4] ima: related TPM device driver interal kernel interface
[Posted May 24, 2005 by corbet]
From: James Morris <jmorris-AT-redhat.com>
To: Kylene Hall <kjhall-AT-us.ibm.com>
Subject: Re: [PATCH 1 of 4] ima: related TPM device driver interal kernel interface
Date: Fri, 20 May 2005 10:56:20 -0400 (EDT)
Cc: linux-kernel-AT-vger.kernel.org, Andrew Morton <akpm-AT-osdl.org>, <sailer-AT-us.ibm.com>, <yoder1-AT-us.ibm.com>, <toml-AT-us.ibm.com>, <emilyr-AT-us.ibm.com>, Chris Wright <chrisw-AT-osdl.org>

Why are you using LSM for this?

LSM should be used for comprehensive access control frameworks which
significantly enhance or even replace existing Unix DAC security.

We're going to end up with a proliferation of arbitrary security features
lacking an overall architectural view (I've written about this before,
see http://www.ussg.iu.edu/hypermail/linux/kernel/0503.1/0300...).

I think it would be better to implement this directly.

- James
--
James Morris
<jmorris@redhat.com>