On Tue, 02 Oct 2007 17:02:13 -0400 Bill Davidsen <[EMAIL PROTECTED]> wrote:
> Linus Torvalds wrote: > > > > On Mon, 1 Oct 2007, Stephen Smalley wrote: > >> You argued against pluggable schedulers, right? Why is security > >> different? > > > > Schedulers can be objectively tested. There's this thing called > > "performance", that can generally be quantified on a load basis. > > > > Yes, you can have crazy ideas in both schedulers and security. Yes, you > > can simplify both for a particular load. Yes, you can make mistakes in > > both. But the *discussion* on security seems to never get down to real > > numbers. > > > And yet you can make the exact same case for schedulers as security, you > can quantify the behavior, but if your only choice is A it doesn't help > to know that B is better. To be fair the discussion on security does get down to real set theory but at that point most people's eyes (mine included) glaze over somewhat. You can reasonably quantify the behaviour and correctness of a security model based upon mathematical principles - if anything its *easier* that schedulers which are so much based on "feeling right". Smack seems a perfectly good simple LSM module, its clean, its based upon credible security models and sound theory (unlike AppArmor). I don't see why it shouldn't go in. Alan - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
