On Mon, 2010-11-08 at 22:13 +0000, Ben Hutchings wrote:
> On Mon, Nov 08, 2010 at 12:31:15PM -0800, Kees Cook wrote:
> > Hi,
> >
> > On Sat, 2010-11-06 at 22:23 +0000, Ben Hutchings wrote:
> > > On Sun, 2010-11-07 at 03:43 +0530, Ritesh Raj Sarraf wrote:
> > > > The wiki lists most items marked as done. I am just curious to know what
> > > > the decision has been made for AppArmor. Will it be enabled?
> > >
> > > Only if we can find a way to make it modular or discardable.
> >
> > Hm? LSMs cannot be made modular.
>
> Currently, no.

Is there a logical reason why this is unfeasible?
Speculating somewhat (since I don't know the internals of any LSM), but I guess there is an argument that the LSM needs to be present and measuring (or whatever) from start of day to be effective, or at least to avoid some potentially large or intractable amount of work at initrd/modprobe time to validate or reconstruct the state at the time the LSM is loaded.

I'd have thought that validating the initrd along with the vmlinux would be sufficient, but what would I know ;-)

> > AppArmor is upstream already, so the
> > question on the agenda was to add back the old-style interface methods
> > and network mediation (so the userspace tools will work sanely). The
> > desired LSM is selected at boot-time, so that's highly "discardable". :)
> > The agenda item wasn't asking for it to be the default LSM, just to be
> > available at all.
>
> By 'discardable' I mean that it would be possible to free the memory used
> for its code and static data if it was not used (similar to the way init
> code is discarded after boot).

There was talk on LKML recently of allowing statically compiled code to be registered with the system as if it were a preloaded module, such that it can subsequently be rmmod'd. This was in the context of IOMMUs, which have similar properties to LSMs in that a whole bunch need to be compiled into the kernel at start of day but only some small number actually end up being used.

See http://article.gmane.org/gmane.linux.kernel/1051547 and in particular hpa's responses.

Ian.

-- 
Ian Campbell
Current Noise: Cryptopsy - Born Headless

Our business is run on trust. We trust you will pay in advance.

Archive: http://lists.debian.org/1289300191.13236.15740.ca...@zakaz.uk.xensource.com
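Kees Cook's point above is that the LSM is chosen at boot time rather than loaded later. The following shell script is an added example, not code from this thread or from the Debian kernel team; it shows how an administrator can check which LSM was requested on the kernel command line and whether that LSM is actually active. It assumes two things the thread does not mention: the `security=` boot parameter (which selects the major LSM) and the `/sys/kernel/security/lsm` file, which lists the active LSMs but only exists on kernels from 4.2 onward, well after this 2010 discussion. When those files are not readable (for instance inside a container where securityfs is not mounted), the script falls back to constructed sample values so it still runs offline.

```shell
#!/bin/sh
# Added example (not part of the original thread): report which LSM the
# kernel was asked to use at boot and whether it is active now.
# Assumptions about the host (not from the thread): the security= boot
# parameter and /sys/kernel/security/lsm (Linux 4.2+), a comma-separated
# list of the LSMs that were initialised.

# lsm_from_cmdline CMDLINE: print the value of security= from a kernel
# command line, or "(default)" if the parameter was not given.
lsm_from_cmdline() {
    for tok in $1; do
        case "$tok" in
            security=*) printf '%s\n' "${tok#security=}"; return 0 ;;
        esac
    done
    printf '(default)\n'
}

# lsm_is_active NAME ACTIVE_LIST: ACTIVE_LIST is the comma-separated
# content of /sys/kernel/security/lsm; succeed if NAME appears in it.
lsm_is_active() {
    name=$1
    list=$2
    old_ifs=$IFS
    IFS=,
    for entry in $list; do
        if [ "$entry" = "$name" ]; then
            IFS=$old_ifs
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# lsm_report CMDLINE ACTIVE_LIST: one-line summary combining the two checks.
lsm_report() {
    req=$(lsm_from_cmdline "$1")
    if [ "$req" = '(default)' ]; then
        printf 'requested=(default) active=n/a\n'
    elif lsm_is_active "$req" "$2"; then
        printf 'requested=%s active=yes\n' "$req"
    else
        printf 'requested=%s active=no\n' "$req"
    fi
}

# Use the live values when available, otherwise constructed samples.
if [ -r /proc/cmdline ]; then
    cmdline=$(cat /proc/cmdline)
else
    cmdline="BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro security=apparmor quiet"  # constructed sample
fi
if [ -r /sys/kernel/security/lsm ]; then
    active=$(cat /sys/kernel/security/lsm)
else
    active="capability,yama,apparmor"  # constructed sample
fi

lsm_report "$cmdline" "$active"
```

A result of `active=no` for a requested LSM means the kernel was built without it (the situation the thread is about for Debian's AppArmor) or it failed to initialise, and no amount of later `modprobe` will fix that, which is exactly why the Debian side wanted it discardable rather than modular.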