[direct reply bounced, resending via gmail] Andrew Morton <[EMAIL PROTECTED]> writes:
> Christoph Hellwig <[EMAIL PROTECTED]> wrote: > > > > On Thu, Feb 10, 2005 at 02:35:08AM -0800, Andrew Morton wrote: > > > > > > > > > ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.11-rc3/2.6.11-rc3-mm2/ > > > > > > > > > - Added the mlock and !SCHED_OTHER Linux Security Module for the audio > > > guys. > > > It seems that nothing else is going to come along and this is completely > > > encapsulated. > > > > Even if we accept a module that grants capabilities to groups this > > isn't fine yet because it only supports two specific capabilities > > (and even those two in different ways!) instead of adding generic > > support to bind capabilities to groups. > > I'm sure that got discussed somewhere in the 1000 emails which flew past > last time. Jack? [adding cc: for the main discussion participants] Most people felt that a more general capabilities module would be nice to have. But, no one offered any code, or volunteered to work on it. I have no objection to that approach, but am not willing or able to do it myself. My opinion is that expanding the scope of the LSM would significantly increase its security risk. That job needs to be done very carefully, by someone with a deep understanding of the kernel's internal use of capabilities. Perhaps, Christoph's suggestion could become part of a more general module, which might replace the RT-LSM in the 2.8 timeframe. Our LSM is a modest solution aimed at solving the immediate needs of audio developers and users with minimal impact on kernel security or correctness. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
