Hasse Hagen Johansen <hhj@xxxxxxxxxxxxx> writes: > Hmm. There is some discussion if the LSM is actually very secure. That > why RSBAC is not using/is implemented as an LSM, but of course there > is always discussions... All the complaints I've seen about LSM were rather vague, and mostly seem motivated by discontent that someone else's security hooks got introduced into the mainline kernel. The current hooks are quite adequate for my simple needs. Do you know of any specific security problems that I should watch out for? None have been mentioned on the linux-security-module mailing list. > I was actualy thinking about if I could use EA/ACL and/or rsbac or > grsecurity, for granting specific users running specific executables > the Realtime capability That would be nice. How would you propose to go about it? To have any traction as a general solution for Linux Audio, a solution needs to be based on generally-available code. There is no point in telling users or distibutions: "apply this 30,000-line patch to your kernel, then tag the following 127 files with Access Control Lists." It won't happen. -- joq
