Sorry to be mean I still class this as all bad ideas.

No LSM supports every setup.  To be correct using containers to run
many servers you will want to run a different LSM in each container as
the customer requests.  So being loadable and unloadable for
containers is important.

Most LSMs don't deal with users' own security.

Now let's get to the true problem.   Standard security in Linux needs
to be expanded, and adding a built-in LSM is not the solution.

When I say Standard Security I mean in the class of ACLs and POSIX
permissions where every user can set them.

Things that need adding as standard: limitation options of POSIX file
capabilities applying to suid and sgid bit programs.

Means for everyone to apply their own limitations to applications.
1. File access maps listing what files an application is allowed to
access or not access.
2. Network access limitations.
3. Remove own capabilities from applications they are running.  Like a
root user running an editor with only rw to files everywhere and no more
access rights.  Or a normal user running an application without w to any file.

This is only a short list.   Basically the means to take away your own
granted permissions for anything you want to run.  You can never grant
more than you already have.  Just like normal LSM-limited applications,
they must not be able to reach out and change their current state.

This is very flexible.   Yet LSMs still have their place since they can
grant permissions where this is only a subtract system.  LSMs can
also use this expanded default security to do their work.  Less code
hopefully, since common code could be shared.

These alterations could be a direct benefit to Wine, to keep viruses
inside Wine from being able to get elsewhere.

Hopefully this structure would be flexible enough for PAM and other
existing systems to also apply restrictions to users.   The current
problem with LSMs is a lack of flexibility to allow applications and
users to take control of their own future.  Allowing applications and
users to take control of their own space allows tighter security than
what LSMs can ever do.  Long term, expanding down to internal threads
inside applications.

Peter Dolding
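The subtract-only scheme described in the message above, as an added illustration in Python (not code from the thread, from any kernel LSM, or from the author): a chain of policies where each step can only narrow the file access map, network switch and capability set it inherited, so a restricted program cannot hand itself anything back. The sample policies, paths and capability names are constructed for the example.

```python
# Added illustration: a subtract-only policy; each restriction only narrows its parent.
READ, WRITE, EXEC = "r", "w", "x"


class Policy:
    """A file access map (path prefix -> modes), a network switch and a
    capability set.  A child policy is checked *and* its parent is checked,
    so nothing a parent refuses can ever be re-granted further down."""

    def __init__(self, files, network, caps, parent=None):
        self.files = {p.rstrip("/") or "/": frozenset(m) for p, m in files.items()}
        self.network = network
        self.caps = frozenset(caps)
        self.parent = parent

    def _own_file(self, path, mode):
        # Longest matching prefix decides, like a directory-based access map.
        hits = [p for p in self.files
                if p == "/" or path == p or path.startswith(p + "/")]
        return bool(hits) and mode in self.files[max(hits, key=len)]

    def allows_file(self, path, mode):
        return self._own_file(path, mode) and (
            self.parent is None or self.parent.allows_file(path, mode))

    def allows_network(self):
        return self.network and (self.parent is None or self.parent.allows_network())

    def has_cap(self, cap):
        return cap in self.caps and (self.parent is None or self.parent.has_cap(cap))

    def restrict(self, files=None, network=None, caps=None):
        """Return a narrower policy; omitted fields are inherited unchanged.
        Passing a wider value is harmless: the parent chain still refuses."""
        return Policy(self.files if files is None else files,
                      self.network if network is None else network,
                      self.caps if caps is None else caps, parent=self)


# Constructed sample: root runs an editor that may only read/write files,
# with no exec, no network and no capabilities (item 3 in the post).
ROOT = Policy({"/": "rwx"}, True, {"CAP_DAC_OVERRIDE", "CAP_NET_BIND_SERVICE"})
EDITOR = ROOT.restrict(files={"/": "rw"}, network=False, caps=set())
# Anything the editor later tries to hand back to itself changes nothing.
ESCAPE = EDITOR.restrict(files={"/": "rwx"}, network=True, caps={"CAP_DAC_OVERRIDE"})

# A normal user, then the same user with write removed everywhere.
ALICE = Policy({"/home/alice": "rwx", "/usr": "rx"}, True, set())
ALICE_RO = ALICE.restrict(files={"/": "rx"})
```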