Sorry to be mean, but I still class this as all bad ideas.
No LSM supports every setup. To be correct using containers to run
many servers you will want to run different LSM in each container as
the customer requests. So being loadable and unloadable for
containers is important.
Most LSM don't deal

On Sun, Oct 21, 2007 at 07:24:42PM -0700, Thomas Fricaccia wrote:
> Yes, I think Crispin has succinctly summed it up: irrevocably closing
> the LSM prevents commercial customers from using security modules other
> than that provided by their Linux distributor.
Any "customer" using a security mode

Yes, I think Crispin has succinctly summed it up: irrevocably closing
the LSM prevents commercial customers from using security modules other
than that provided by their Linux distributor. As Sarbanes-Oxley and
other regulatory laws require these customers to use "standard
kernels", the result is

To discuss how LSM should work, it would have been really helpful if the
OP had cc'd the LSM mailing list. I've cc'd the LSM list here ...
Linus Torvalds wrote:
> On Wed, 17 Oct 2007, Thomas Fricaccia wrote:
>
>> But then I noticed that, while the LSM would remain in existence, it was
>> being

Let's start with a few basic problems I have found with all LSMs I have tried.
Number 1: they forget users might need to limit applications without
administrator's approval and only locally. This is like running
Firefox locked out from seeing particular directories chosen by the
user because the