Re: [rsbac] Thoughts on the "No Linux Security Modules framework" old claims

2005-02-25 Thread Kurt Garloff
Hi Amon, On Thu, Feb 24, 2005 at 09:28:38AM +0100, Amon Ott wrote: > On Donnerstag 24 Februar 2005 01:55, Kurt Garloff wrote: > > If you apply them (and I hope Linus will), capabilities is default > > and you can replace that by loading an LSM. You can stack capability > > on top of the primary LS

Re: [rsbac] Thoughts on the "No Linux Security Modules framework" old claims

2005-02-24 Thread Amon Ott
On Donnerstag 24 Februar 2005 01:55, Kurt Garloff wrote: > On Mon, Feb 21, 2005 at 11:19:16AM +0100, Amon Ott wrote: > > Without rechecking the current state: At least the last time I > > checked, the hardwired kernel capabilities were explicitely disabled > > when LSM got switched on. You had t

Re: [rsbac] Thoughts on the "No Linux Security Modules framework" old claims

2005-02-23 Thread Kurt Garloff
Hi Amon, On Mon, Feb 21, 2005 at 11:19:16AM +0100, Amon Ott wrote: > > -> 5. Posix Capabilities Without Stacking Support > > > > I don't get the point of these claims. > > The LSM framework currently has full support for dynamic and > > logic-changeable POSIX.1e capabilities, using the capable()

Re: [rsbac] Thoughts on the "No Linux Security Modules framework" old claims

2005-02-22 Thread Casey Schaufler
--- Amon Ott <[EMAIL PROTECTED]> wrote: > On Montag 21 Februar 2005 18:50, Casey Schaufler > wrote: > > > > --- Lorenzo Hernández García-Hierro > <[EMAIL PROTECTED]> > > wrote: > > > > > > > > There are cases where Linux DAC and MAC cannot > > > live happily together, > > > > because Linux DA

Re: [rsbac] Thoughts on the "No Linux Security Modules framework" old claims

2005-02-22 Thread Amon Ott
On Montag 21 Februar 2005 18:50, Casey Schaufler wrote: > > --- Lorenzo Hernández García-Hierro <[EMAIL PROTECTED]> > wrote: > > > > > There are cases where Linux DAC and MAC cannot > > live happily together, > > > because Linux DAC is too limited. > > > > Agreed. > > OKay, I'll bite. MAC and

Re: [rsbac] Thoughts on the "No Linux Security Modules framework" old claims

2005-02-21 Thread Casey Schaufler
--- Lorenzo Hernández García-Hierro <[EMAIL PROTECTED]> wrote: > > There are cases where Linux DAC and MAC cannot > live happily together, > > because Linux DAC is too limited. > > Agreed. OKay, I'll bite. MAC and DAC are seperate. How is it that (the limited nature of) the DAC behavior makes

Re: [rsbac] Thoughts on the "No Linux Security Modules framework" old claims

2005-02-21 Thread Lorenzo Hernández García-Hierro
El lun, 21-02-2005 a las 11:19 +0100, Amon Ott escribió: > Hi folks, > > this is a late reply, because I was away for a week Hey ao, I was looking for you last week, nice to know you're back again ;) > > Documentation is a general problem in all projects, not only the > kernel. For me, this ha

Re: [rsbac] Thoughts on the "No Linux Security Modules framework" old claims

2005-02-21 Thread Amon Ott
Hi folks, this is a late reply, because I was away for a week. On Dienstag 15 Februar 2005 23:38, Lorenzo Hernández García-Hierro wrote: > The purpose of this email is not re-opening the old flame on the > anti-LSM "pleas" that were subject of many discussion and > disappointments in certain dev