On Tue, Oct 11, 2005 at 01:27:27PM +0200, Christoph Hellwig wrote: > On Tue, Oct 11, 2005 at 06:24:20AM -0500, Geiger Guenter wrote: > > This means that it has to be dropped. Thats ok with me, it means less > > work. What was the reason again for not including the capabilities as > > a module ? > > Making Security modules actually modular means they don't have the full > view of the process and generally is a bad idea. For the specific case > of capabilities there even was an exploit in the past. If we want to > support a given security module in debian we should compile it into the > kernel statically.
If I recall, lsm wasn't well recieved upstream, in which case dropping it is probably a good idea anyway. -- Horms -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
