Message-ID: <20070628135001.GA11666@sgi.com>
Date:	Thu, 28 Jun 2007 08:50:01 -0500
From:	Bill O'Donnell <billodo@....com>
To:	Casey Schaufler <casey@...aufler-ca.com>
Cc:	David Miller <davem@...emloft.net>, crispin@...ell.com,
	seanlkml@...patico.ca, bunk@...sta.de, akpm@...ux-foundation.org,
	jjohansen@...e.de, linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org
Subject: Re: [AppArmor 00/44] AppArmor security module overview

On Wed, Jun 27, 2007 at 05:27:17PM -0700, Casey Schaufler wrote:
| 
| --- David Miller <davem@...emloft.net> wrote:
| 
| > From: Crispin Cowan <crispin@...ell.com>
| > Date: Wed, 27 Jun 2007 15:46:57 -0700
| > 
| > > But we do not want to prevent other people from using SELinux if it
| > > suits them. Linux is about choice, and that is especially vital in
| > > security. As Linus himself observed when LSM was started, there are a
| > > lot of security models, they have various strengths and weaknesses, and
| > > often are not compatible with each other. That is why it is important
| > > that LSM persist, that SELinux not be the only in-tree user of LSM, and
| > > why we think AppArmor should be included upstream, so that non-SUSE
| > > users can also use AppArmor if it suits them.
| > 
| > Anyone can apply the apparmour patch to their tree, they get the
| > choice that way.  Nobody is currently prevented from using apparmour
| > if they want to, any such suggestion is pure rubbish.
| 
| The exact same argument was made prior to SELinux going upstream.
| Look, if you can't be right, try at least to be original.
| 
| > It is even more incredulous to imply that just by having apparmour
| > in the upstream kernel all the userland bits will magically appear
| > on every user's distribution.
| 
| Just like all the SELinux userland magically appeared in everyone's
| distribution? Nope, didn't happen.
| 
| > Give me a break.
| 
| No. You are out of line and spewing ignorance.

Please.
I really wish this thread would stick to the technical matter and 
dispense with the infernile sniping on one hand and stroking of
egos on the other.  Sheesh - some of us are actually trying to glean
something useful from all of this.

| 
| > What you get by the code going into the upstream kernel tree is that
| > it a) adds some pseudo legitimacy to AppArmour (which I don't
| > personally think is warranted) and b) gets the work of keeping
| > apparmour working with upstream largely off of your back and in the
| > hands of the upstream community.
| 
| Duh. Those are pretty much the reasons anyone goes through the
| trouble of getting anything upstream.
| 
| > Neither of those are reasons why something should go into the tree.
| 
| They reflect the corporate reality of the open source community.
| If you're going to go down the "open source isn't for money"
| rathole please take it elsewhere. I've heard the arguments so many
| times I can sing them to the tune of "Lady Madonna".
| 
| > Frankly I think AppArmour is a joke,
| 
| "SELinux, AppArmor, and Hilary Clinton walk into a bar ..."

Yawn.  Not funny. See above comment.

| > and all of this integration with
| > LSM business is just a face saving effort, nothing more.  And saving
| > face is not, and has never been, a reason for something to be put into
| > the upstream tree.
| 
| Believe what you will. Crispin has been working with LSM from the
| inception those many years ago. He's been working on getting this
| module in for over a year. If you don't like his module go write
| your own and put him out of business.

Now this is getting really boring.  See above comment.
Can't we just stay on point?

-- 
Bill O'Donnell
SGI
billodo@....com