Sorry for the double post. I missed something important. Statically built-in LSM only allows vendor lock out on containers too, since you will only be able to use distros in the containers that have the right security module or they will be security flawed. So I do have to ask why a person is truly asking for static LSMs only. There are two possible motives: one for the good of security, the other for market control.
So no matter how you cut it this idea is bad. Static as optional is enough. Loadable will always be required for some setups. If you were talking about limiting the loadable that is a different matter.

Peter Dolding