On Tue, Jul 24, 2007 at 01:58:46AM -0700, Andrew Morton wrote:
> On Tue, 24 Jul 2007 01:53:58 -0700 Greg KH <[EMAIL PROTECTED]> wrote:
>
> > On Tue, Jul 24, 2007 at 01:02:24AM -0700, Andrew Morton wrote:
> > > On Sat, 14 Jul 2007 12:37:01 -0400 (EDT) James Morris <[EMAIL PROTECTED]>
> > > wrote:
On Tue, 24 Jul 2007 01:53:58 -0700 Greg KH <[EMAIL PROTECTED]> wrote:
> On Tue, Jul 24, 2007 at 01:02:24AM -0700, Andrew Morton wrote:
> > On Sat, 14 Jul 2007 12:37:01 -0400 (EDT) James Morris <[EMAIL PROTECTED]>
> > wrote:
> >
> > > Convert LSM into a static interface
> >
> > allmodconfig brok
On Tue, Jul 24, 2007 at 01:02:24AM -0700, Andrew Morton wrote:
> On Sat, 14 Jul 2007 12:37:01 -0400 (EDT) James Morris <[EMAIL PROTECTED]>
> wrote:
>
> > Convert LSM into a static interface
>
> allmodconfig broke
>
> security/built-in.o: In function `rootplug_bprm_check_security':
> security/ro
On Sat, 14 Jul 2007 12:37:01 -0400 (EDT) James Morris <[EMAIL PROTECTED]> wrote:
> Convert LSM into a static interface
allmodconfig broke
security/built-in.o: In function `rootplug_bprm_check_security':
security/root_plug.c:64: undefined reference to `usb_find_device'
security/root_plug.c:70: un
Quoting Arjan van de Ven ([EMAIL PROTECTED]):
>
> >
> > :)
> >
> > Actually, given that when lsm was being introduced, lsm seemed to
> > improve performance overall, have you taken any measurements to show
> > that this is actually the case? Of course it makes sense that it would,
> > but witjo
>
> :)
>
> Actually, given that when lsm was being introduced, lsm seemed to
> improve performance overall, have you taken any measurements to show
> that this is actually the case? Of course it makes sense that it would,
> but witjout measurements we do not know.
SuSE did a bunch of measureme
* Serge E. Hallyn ([EMAIL PROTECTED]) wrote:
> Actually, given that when lsm was being introduced, lsm seemed to
> improve performance overall, have you taken any measurements to show
> that this is actually the case? Of course it makes sense that it would,
> but witjout measurements we do not kno
On Thu, Jul 19, 2007 at 09:54:30AM -0700, Arjan van de Ven wrote:
> the next step after this patch is to have an option to get rid of all
> the function pointer chasing (which is expensive) for the case where you
> know you only want one security module (which you then can turn on or
> off)... that
Quoting Arjan van de Ven ([EMAIL PROTECTED]):
>
> > Right, the ability to boot with security.capability=disabpled (or
> > whatever) and then load a custom module without having to use a whole
> > new kernel is something I'm sure end-users want.
> >
> > Especially since compiling a kernel which wo
> Right, the ability to boot with security.capability=disabpled (or
> whatever) and then load a custom module without having to use a whole
> new kernel is something I'm sure end-users want.
>
> Especially since compiling a kernel which works with, say, a default
> fedora install, with lvm etc, i
On Thu, Jul 19, 2007 at 08:37:27AM -0500, Serge E. Hallyn wrote:
> Quoting James Morris ([EMAIL PROTECTED]):
> > On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
> >
> > > > It's already pretty clear.
> > >
> > > I doubt anyone not on lkml or linux-security-module has heard of this.
> > >
> > > So we
On Thu, Jul 19, 2007 at 09:19:56AM -0400, James Morris wrote:
> On Thu, 19 Jul 2007, James Morris wrote:
>
> > On Thu, 19 Jul 2007, Jim Kovaric wrote:
> >
> > > IBMs TAMOS (Tivoli Access Manager for Operating systems) contains a
> > > loadable module,
> > > which is an "out of tree module", a
On Thu, Jul 19, 2007 at 09:19:56AM -0400, James Morris wrote:
> Is my understanding correct?
>
> You're shipping this to customers as a security feature?
It's the usual Tivoli crap, what would you expect?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a
Quoting James Morris ([EMAIL PROTECTED]):
> On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
>
> > > It's already pretty clear.
> >
> > I doubt anyone not on lkml or linux-security-module has heard of this.
> >
> > So we'll see.
> >
> > (I was, obviously, talking about end-users)
>
> If distributio
On 7/19/07, Alan Cox <[EMAIL PROTECTED]> wrote:
> Please distinguish between "cater to" and "support". If the kernel
> didn't worry about supporting out-of-tree code, then why would there
> be loadable module at all?
Memory usage, flexibility, debugging.
Module support was not added for extern
On Thu, 19 Jul 2007, James Morris wrote:
> On Thu, 19 Jul 2007, Jim Kovaric wrote:
>
> > IBMs TAMOS (Tivoli Access Manager for Operating systems) contains a
> > loadable module,
> > which is an "out of tree module", and registers "itself" as a security
> > module during the TAMOS startup
>
On Thu, Jul 19, 2007 at 07:56:53AM -0500, Scott Preece wrote:
> On 7/19/07, James Morris <[EMAIL PROTECTED]> wrote:
>> On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
>>
>> > If we could get a few (non-afilliated :) people who work with
>> > customers in the security field to tell us whether this is be
> Please distinguish between "cater to" and "support". If the kernel
> didn't worry about supporting out-of-tree code, then why would there
> be loadable module at all?
Memory usage, flexibility, debugging.
Module support was not added for external modules.
-
To unsubscribe from this list: send
On Thu, 19 Jul 2007, Jim Kovaric wrote:
> IBMs TAMOS (Tivoli Access Manager for Operating systems) contains a
> loadable module,
> which is an "out of tree module", and registers "itself" as a security
> module during the TAMOS startup
> process. It also requires that SElinux be "disabled"
On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
> > It's already pretty clear.
>
> I doubt anyone not on lkml or linux-security-module has heard of this.
>
> So we'll see.
>
> (I was, obviously, talking about end-users)
If distributions are shipping binary modules and other out of tree code to
th
On 7/19/07, James Morris <[EMAIL PROTECTED]> wrote:
On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
> If we could get a few (non-afilliated :) people who work with
> customers in the security field to tell us whether this is being
> used, that would be very helpful. Not sure how to get that.
The m
Quoting James Morris ([EMAIL PROTECTED]):
> On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
>
> > If we could get a few (non-afilliated :) people who work with
> > customers in the security field to tell us whether this is being
> > used, that would be very helpful. Not sure how to get that.
>
> The
On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
> If we could get a few (non-afilliated :) people who work with
> customers in the security field to tell us whether this is being
> used, that would be very helpful. Not sure how to get that.
The mainline kernel does not cater to out of tree code.
>
Quoting Christian Ehrhardt ([EMAIL PROTECTED]):
> On Wed, Jul 18, 2007 at 06:35:03PM -0700, Andrew Morton wrote:
> > On Sat, 14 Jul 2007 12:37:01 -0400 (EDT)
> > James Morris <[EMAIL PROTECTED]> wrote:
> >
> > > Convert LSM into a static interface, as the ability to unload a security
> > > module
On Wed, Jul 18, 2007 at 06:35:03PM -0700, Andrew Morton wrote:
> On Sat, 14 Jul 2007 12:37:01 -0400 (EDT)
> James Morris <[EMAIL PROTECTED]> wrote:
>
> > Convert LSM into a static interface, as the ability to unload a security
> > module is not required by in-tree users and potentially complicates
On Wed, Jul 18, 2007 at 10:42:09PM -0400, James Morris wrote:
> On Wed, 18 Jul 2007, Andrew Morton wrote:
> > aww man, you passed over an opportunity to fix vast amounts of coding style
> > cruftiness.
>
> GregKH-esque :-)
Yeah, sorry, that was when I was young and foolish and liked to bang on
th
On Wed, 18 Jul 2007, James Morris wrote:
On Wed, 18 Jul 2007, Andrew Morton wrote:
The SECURITY_FRAMEWORK_VERSION macro has also been removed.
I'd like to understand who is (or claims to be) adversely affected by this
change, and what their complaints (if any) will be.
Because I prefer my
On Wed, 18 Jul 2007, Andrew Morton wrote:
> > The SECURITY_FRAMEWORK_VERSION macro has also been removed.
>
> I'd like to understand who is (or claims to be) adversely affected by this
> change, and what their complaints (if any) will be.
>
> Because I prefer my flamewars pre- rather than post-m
On Sat, 14 Jul 2007 12:37:01 -0400 (EDT)
James Morris <[EMAIL PROTECTED]> wrote:
> Convert LSM into a static interface, as the ability to unload a security
> module is not required by in-tree users and potentially complicates the
> overall security architecture.
>
> Needlessly exported LSM symbol
On Sat, 2007-07-14 at 12:37 -0400, James Morris wrote:
> Convert LSM into a static interface, as the ability to unload a security
> module is not required by in-tree users and potentially complicates the
> overall security architecture.
>
> Needlessly exported LSM symbols have been unexported, to
In article <[EMAIL PROTECTED]> you wrote:
> Convert LSM into a static interface, as the ability to unload a security
> module is not required by in-tree users and potentially complicates the
> overall security architecture.
>
> Needlessly exported LSM symbols have been unexported, to help reduce A
31 matches
Mail list logo