On Mon, Jan 07, 2013 at 20:02 -0800, Casey Schaufler wrote:
> On 1/7/2013 7:01 PM, Stephen Rothwell wrote:
> > Let me ask Andrew's question: Why do you want to do this (what is the
> > use case)? What does this gain us?
>
> There has been an amazing amount of development in system security
> over the past three years. Almost none of it has been in the kernel.
> One important reason that it is not getting done in the kernel is
> that the current single LSM restriction requires an all or nothing
> approach to security. Either you address all your needs with a single
> LSM or you have to go with a user space solution, in which case you
> may as well do everything in user space.
[...]

You should also update Documentation/security/LSM.txt with new
"security=" rules and rules of LSM stacking limitations. Motivation of
stacking is probably worth noting in Documentation/ too.

Thanks,

--
Vasily Kulikov
http://www.openwall.com - bringing security into open computing environments