Alan Cox wrote: > On Sun, 21 Oct 2007 19:24:42 -0700 > "Thomas Fricaccia" <[EMAIL PROTECTED]> wrote >> Yes, I think Crispin has succinctly summed it up: irrevocably closing >> the LSM prevents commercial customers from using security modules other >> than that provided by their Linux distributor. As Sarbanes-Oxley and >> other regulatory laws require these customers to use "standard >> kernels", the result is a rather dreary form of vendor lock-in, where the >> security framework is coupled to the distribution. >> > Crispin at least is providing genuine discussion points. Sarbox has > nothing to say on "using vendor linux kernels". > I agree that SarBox is not really the issue here. Partially related is enterprise rules about what kernels one is allowed to load. More generally, this change forces users who want to use a different LSM than their vendor provides to recompile their kernel, where they did not have to recompile before. It forces LSM module developers who want to modify their LSM to reboot, where they didn't necessarily have to reboot before.
That is not a catastrophe, it is just tedious. It does not kill baby seals, and it does not make Linux utterly useless. OTOH, I think it is strictly negative: it takes away user choice in 2 dimensions, and adds zero value. So apply it if you must to bake the kernel developer's lives easier, but it really is a net loss in Linux kernel capability. Crispin -- Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/ Itanium. Vista. GPLv3. Complexity at work - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/