Hi, On Thu, Jun 17, 2010 at 11:30:54PM +0100, Alan Cox wrote: > - You can give up now. Failure is always an option! :) Nah, I was never deluded into thinking these patches were going to be universally-loved and easy to upstream. I posted them because I want them in, and I'm going to stick with it. > - You can put it together as a security module - which will make people > happy and get your stuff upstream. After that you can have a meaningful > discussion about stacking, although I think you'll find that stacking > is really really hard because you get conflicting behaviour between > security modules and ignoring those conflicts ends up violating at least > one of the security models leaving you worse not better off. > > Your path to making any of the stuff you want happen is via the security > layer and the LSM hooks. Even if you want them stackable and usable with > other modules your starting point is still a security module. Sounds like this really is the only path, with the idea of finding a chaining solution later. Without chaining, it's only useful for people that aren't using a full MAC. -Kees -- Kees Cook Ubuntu Security Team -- To unsubscribe from this list: send the line "unsubscribe linux-doc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html