On Mon, 17 Apr 2006, Christoph Hellwig wrote:
> > Or, better, remove LSM itself ;)
> Seriously that makes a lot of sense. All other modules people have come
> with over the last years are irrelevant and/or broken by design.
It's been nearly a year since I proposed this, and we've not seen any
appropriate LSM modules submitted in that time.
The only reason I can see to not delete it immediately is to give BSD
secure levels users a heads-up, although I thought it was already slated
for removal. BSD secure levels is fundamentally broken and should
never have gone into mainline.
How about enough time to get us to 2.6.18, say, two months?
Signed-off-by: James Morris
@@ -246,3 +246,27 @@ Why: The interface no longer has any cal
Who: Nick Piggin
+What: LSM (Linux Security Modules) including BSD Secure Levels.
+When: June 2006
+Why: In the years since LSM was included in the mainline kernel, SELinux
+ has been the only significant module implemented and also included
+ in the mainline kernel. So we have a generalized framework for
+ one user, SELinux, which itself is a generalized framework.
+ Thus, LSM will be removed, as it adds unecessary infrastructure,
+ performance overhead and complicates the code. It also attracts
+ a regular stream of misconceived and broken security module
+ submissions to mainline, such as BSD Security Levels, and
+ developers are seeing LSM as the answer to everything rather
+ than really thinking about what they need and how to architect
+ the code properly and generally. There is also a growing number
+ of proprietary modules hooking into LSM in usafe ways, not
+ necessarily even for security purposes. The LSM interface
+ semantics are too weak and such an API does not belong in the
+ mainline kernel.
+ See also, previous discussions on the issue:
+Who: James Morris
To unsubscribe from this list: send the line "unsubscribe
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html