[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <471CE238.5040107@qumranet.com>
Date: Mon, 22 Oct 2007 19:47:36 +0200
From: Avi Kivity <avi@...ranet.com>
To: Greg KH <greg@...ah.com>
CC: Thomas Fricaccia <thomas_fricacci@...oo.com>,
Crispin Cowan <crispin@...spincowan.com>,
linux-kernel@...r.kernel.org,
LSM ML <linux-security-module@...r.kernel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: LSM conversion to static interface
Greg KH wrote:
> On Sun, Oct 21, 2007 at 07:24:42PM -0700, Thomas Fricaccia wrote:
>
>> Yes, I think Crispin has succinctly summed it up: irrevocably closing
>> the LSM prevents commercial customers from using security modules other
>> than that provided by their Linux distributor.
>>
>
> Any "customer" using a security model other than provided by their Linux
> distributor instantly voided all support from that distro by doing that.
>
> So, since the support is gone, they can easily build their own kernels,
> with their own LSM interfaces, and get the exact same lack of support :)
>
>
Running a vendor kernel has the advantage of reusing all the QA work
that has gone into that kernel. It is very different from running
2.6.24-rc1 (or 2.6.22.x). Hence projects like centos: you don't get any
support, but the likelihood of actually requiring support is lower than
running some random kernel.
[but I agree that someone who has somehow determined that they need a
specific LSM will probably have determined that they need vendor support
as well]
--
error compiling committee.c: too many arguments to function
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists