LSM stacking (again) [LWN.net]

LSM stacking (again)

Posted Jun 28, 2010 4:36 UTC (Mon) by raven667 (subscriber, #5198)
In reply to: LSM stacking (again) by dlang
Parent article: LSM stacking (again)

Your arguments do not convince me that the kernel developers are wrong in rejecting stackable LSM. What you describe, kernel hackers making their own new modules to test different security ideas, is already happening in the real world and is the reason we are having this conversation. You don't need this change to support testing, it's not clear where exactly it would be useful. Not just useful but it is not clear that a stackable approach would be better than just having a working security system, whichever one you like.

to post comments

LSM stacking (again)

Posted Jun 29, 2010 12:54 UTC (Tue) by mpr22 (subscriber, #60784) [Link]

My perspective is that we're in a "pick one" scenario, with the options being roughly:

The kernel team provides LSM stacking.
Someone writes an LSM which implements "LSM stacking" by some godawful collection of shims.
Someone writes a mindblowingly generic LSM in which everything is possible but nothing is easy. World+dog are happy up until they want to do something that conflicts with their distro defaults, at which point they meet Pain.
End users get stuck with the choice of either putting up with what the "big boys" want to implement in their LSMs, or using a "boutique" LSM that covers a particular case but doesn't really handle general security well enough.