[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CACLa4ptpGJ7YDTqmOvtHq_Ts9f72SBV6Q_HDDw1OebhxVOzU9w@mail.gmail.com>
Date: Fri, 31 Aug 2012 20:03:46 -0700
From: Eric Paris <eparis@...isplace.org>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: Alan Cox <alan@...rguk.ukuu.org.uk>,
Kees Cook <keescook@...omium.org>,
linux-kernel@...r.kernel.org,
James Morris <james.l.morris@...cle.com>,
Eric Paris <eparis@...hat.com>, Jiri Kosina <jkosina@...e.cz>,
John Johansen <john.johansen@...onical.com>,
Dan Carpenter <dan.carpenter@...cle.com>,
Al Viro <viro@...iv.linux.org.uk>,
linux-security-module@...r.kernel.org
Subject: Re: [PATCH] security: unconditionally call Yama
On Fri, Aug 31, 2012 at 4:59 PM, Eric W. Biederman
<ebiederm@...ssion.com> wrote:
> From a overal kernel maintenance and use perspective the unconditional
> enablement is a pain.
>
> We long ago established the principle that compiling additional code
> into the kernel should not change the semenatics of the kernel.
>
> So this code needs to come with a command line or sysctl on/off switch
> not an unconditional enable.
Your argument makes zero sense. If I decide to build new code, that
new code can do something. It happens all the time. If you don't
like Yama, don't build Yama. If you don't like the only thing that
Yama does (it only implements one protection), disable that protection
from sysctl. I don't get it.
-Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists