[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20071012214227.GY10703@outflux.net>
Date: Fri, 12 Oct 2007 14:42:27 -0700
From: Kees Cook <kees@...ntu.com>
To: linux-kernel@...r.kernel.org
Subject: static LSM objection
Hi,
I just wanted to voice my opinion about the static LSM changes.
(I apologize about being late[1] to the discussion[2] -- I'd only recently
become aware of it.) I'm personally really against this. For example,
I want to give people choice about their security protections in Ubuntu,
and I'd like to let them pick the MAC that suits their needs.
Some people want SELinux, some people want AppArmor. (Yes, I know
AppArmor isn't in mainline yet, but it does seem they're getting closer --
three distros are shipping AppArmor. The static changes feel motivated
by political rather than technical reason -- though it of course have
technical merit.) Considering things like SMACK and TOMOYO, it is going
to be very troublesome for distros to have to start building multiple
kernels to support each given MAC that their users want to use.
So, unless this is just re-hashing and you can point me to discussion
points I missed, can someone help me understand the technical issues
around this change? It sounds like the primary reason for making it
non-modular is performance loss due to call overhead. Aren't there
other ways to solve this without removing the boot-time module choice?
(Make it unloadable?)
I'm not convinced that the advantages of making it static out-weigh the
benefit of having it as a choice at boot-time. (I don't really mind
needing a reboot to switch MAC implementations, as long as there is some
benefit from making them unloadable, though it sounds like there are
people would are against making LSMs unloadable too.)
Thanks,
-Kees
/me pops the safety off his fire extinguisher
[1] http://lkml.org/lkml/2007/7/19/228
[2] http://lkml.org/lkml/2007/7/14/91
--
Kees Cook
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists