[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.64.0710251328150.17781@fbirervta.pbzchgretzou.qr>
Date: Thu, 25 Oct 2007 13:33:58 +0200 (CEST)
From: Jan Engelhardt <jengelh@...putergmbh.de>
To: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
cc: Adrian Bunk <bunk@...nel.org>, Alan Cox <alan@...rguk.ukuu.org.uk>,
Andreas Gruenbacher <agruen@...e.de>,
Bernd Petrovitsch <bernd@...mix.at>,
Casey Schaufler <casey@...aufler-ca.com>,
Chris Wright <chrisw@...s-sol.org>,
Crispin Cowan <crispin@...spincowan.com>,
Giacomo Catenazzi <cate@...ian.org>,
James Morris <jmorris@...ei.org>,
Jeremy Fitzhardinge <jeremy@...p.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
linux-security-module@...r.kernel.org,
Ray Lee <ray-lk@...rabbit.org>,
Simon Arlott <simon@...e.lp0.eu>,
Thomas Fricaccia <thomas_fricacci@...oo.com>
Subject: Re: LSM conversion to static interface
As I read through LWN today, I noted the following comment,
http://lwn.net/Articles/255832/ :
Personally, I think it's absolutely essential to be able to
build a kernel with dynamic LSM. Whether we like it or not,
people do want to add in runtime loadable security modules for
things like virus scanners, and until upstream offers these
folks a viable alternative to LSM...well, they'll use it.
Which reminded me of the TuxGuardian LSM[1] - another of the real-world
uses to meet Linus's criteria? ("had examples of their real-world use to
step forward and explain their use")
In this specific project, LSM is used to collect up calls to bind() and
connect() and pass them to userspace, e.g. do it ZoneAlarm-style and
display a dialog window. Its codebase is probably not too up-to-date
(website says last change last April - but I guess that's a no-brainer
to update it).
[1] http://tuxguardian.sf.net/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists