[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20071023160520.GV30533@stusta.de>
Date: Tue, 23 Oct 2007 18:05:20 +0200
From: Adrian Bunk <bunk@...nel.org>
To: Avi Kivity <avi@...ranet.com>
Cc: Greg KH <greg@...ah.com>,
Thomas Fricaccia <thomas_fricacci@...oo.com>,
Crispin Cowan <crispin@...spincowan.com>,
linux-kernel@...r.kernel.org,
LSM ML <linux-security-module@...r.kernel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: LSM conversion to static interface
On Mon, Oct 22, 2007 at 07:47:36PM +0200, Avi Kivity wrote:
> Greg KH wrote:
>> On Sun, Oct 21, 2007 at 07:24:42PM -0700, Thomas Fricaccia wrote:
>>
>>> Yes, I think Crispin has succinctly summed it up: irrevocably closing
>>> the LSM prevents commercial customers from using security modules other
>>> than that provided by their Linux distributor.
>>>
>>
>> Any "customer" using a security model other than provided by their Linux
>> distributor instantly voided all support from that distro by doing that.
>>
>> So, since the support is gone, they can easily build their own kernels,
>> with their own LSM interfaces, and get the exact same lack of support :)
>
> Running a vendor kernel has the advantage of reusing all the QA work that
> has gone into that kernel. It is very different from running 2.6.24-rc1
> (or 2.6.22.x). Hence projects like centos: you don't get any support, but
> the likelihood of actually requiring support is lower than running some
> random kernel.
You can also get the QA work by building your own kernel from vendor
kernel sources.
E.g. the Debian distribution ships a package linux-source-2.6.18 that
contains a linux-source-2.6.18.tar.bz2 with the patched 2.6.18 kernel
sources Debian uses for building its kernels.
> [but I agree that someone who has somehow determined that they need a
> specific LSM will probably have determined that they need vendor support as
> well]
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists