Eric W. Biederman wrote:
> Theodore Tso <tytso@xxxxxxx> writes:
>
>> i think we really need to have stacked LSM's, because there is a large set
>> of people who will never use SELinux. Every few years, I take another
>> look at SELinux, my head explodes with the (IMHO unneeded complexity),
>> and I go away again...
>>
>> Yet I would really like a number of features such as this ptrace scope idea ---
>> which I think is a useful feature, and it may be that stacking is the only
>> way we can resolve this debate. The SELinux people will never believe that
>> their system is too complicated, and I don't like using things that are impossible
>> for me to understand or configure, and that doesn't seem likely to change anytime
>> in the near future.
>>
>> I mean, even IPSEC RFC's are easier for me to understand, and that's saying
>> a lot...
>
> If anyone is going to work on this let me make a concrete suggestion.
> Let's aim at not stacked lsm's but chained lsm's, and put the chaining
> logic in the lsm core.

It's 35 years since my data structures course. What's the important
difference between the two?

> The core difficulty appears to be how do you multiplex the security pointers
> on various objects out there.

That and making sure that the hooks that maintain state get called even if
the decision to deny access has already been made by someone else.

> My wishlist has this working so that I can logically have a local security
> policy in a container, restricted by the global policy but with additional
> restrictions.
>
> Eric
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
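The two design points raised in the exchange above (multiplexing the single security pointer on an object among several modules, and calling every module's state-maintaining hook even after an earlier module has already denied) can be sketched in a few dozen lines. The following is an added user-space illustration, not code from the thread and not the Linux LSM framework's actual implementation; every name in it (toy_lsm, toy_object, toy_object_access, the "readonly" and "audit" modules) is invented for the example. It models "chaining in the core": modules ask for a per-object blob size at registration, the core assigns each an offset into one allocation behind obj->security, and the access hook walks all modules without short-circuiting, returning the first non-zero result.

```c
/* Added example: a toy "chained LSM" core (not the kernel's LSM code). */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_LSMS 4

struct toy_object {
	void *security;		/* one pointer, shared by all chained modules */
};

struct toy_lsm {
	const char *name;
	size_t blob_size;	/* per-object state this module wants */
	size_t blob_offset;	/* assigned by the core at registration */
	int (*object_alloc)(struct toy_lsm *lsm, struct toy_object *obj);
	int (*object_access)(struct toy_lsm *lsm, struct toy_object *obj, int write);
};

static struct toy_lsm *lsms[MAX_LSMS];
static int nr_lsms;
static size_t total_blob;

/* The module's private slice of the object's single security blob. */
static void *lsm_blob(const struct toy_lsm *lsm, const struct toy_object *obj)
{
	return (char *)obj->security + lsm->blob_offset;
}

int toy_lsm_register(struct toy_lsm *lsm)
{
	if (nr_lsms >= MAX_LSMS)
		return -ENOSPC;
	lsm->blob_offset = total_blob;	/* multiplex: each module gets its own offset */
	total_blob += lsm->blob_size;
	lsms[nr_lsms++] = lsm;
	return 0;
}

int toy_object_alloc(struct toy_object *obj)
{
	int i, rc;

	obj->security = calloc(1, total_blob ? total_blob : 1);
	if (!obj->security)
		return -ENOMEM;
	for (i = 0; i < nr_lsms; i++) {
		if (!lsms[i]->object_alloc)
			continue;
		rc = lsms[i]->object_alloc(lsms[i], obj);
		if (rc) {
			free(obj->security);
			obj->security = NULL;
			return rc;
		}
	}
	return 0;
}

void toy_object_free(struct toy_object *obj)
{
	free(obj->security);
	obj->security = NULL;
}

/* Chained decision: every hook runs (no short-circuit); the first denial wins. */
int toy_object_access(struct toy_object *obj, int write)
{
	int i, rc = 0;

	for (i = 0; i < nr_lsms; i++) {
		int r = lsms[i]->object_access ?
			lsms[i]->object_access(lsms[i], obj, write) : 0;
		if (r && !rc)
			rc = r;
	}
	return rc;
}

/* Module 1 ("global" policy): objects are marked read-only at creation. */
struct ro_state { int locked; };

static int ro_alloc(struct toy_lsm *lsm, struct toy_object *obj)
{
	((struct ro_state *)lsm_blob(lsm, obj))->locked = 1;
	return 0;
}

static int ro_access(struct toy_lsm *lsm, struct toy_object *obj, int write)
{
	const struct ro_state *st = lsm_blob(lsm, obj);
	return (write && st->locked) ? -EACCES : 0;
}

/* Module 2 (stateful): audit counters that must run even when module 1 denies. */
struct audit_state { unsigned reads, writes; };

static int audit_access(struct toy_lsm *lsm, struct toy_object *obj, int write)
{
	struct audit_state *st = lsm_blob(lsm, obj);
	if (write) st->writes++; else st->reads++;
	return 0;
}

static struct toy_lsm ro_lsm = { "readonly", sizeof(struct ro_state), 0, ro_alloc, ro_access };
static struct toy_lsm audit_lsm = { "audit", sizeof(struct audit_state), 0, NULL, audit_access };

/* Register the denying module first, so a short-circuiting core would skip audit. */
int toy_setup(void)
{
	static int done;
	int rc;

	if (done)
		return 0;
	done = 1;
	rc = toy_lsm_register(&ro_lsm);
	return rc ? rc : toy_lsm_register(&audit_lsm);
}

unsigned toy_audit_count(const struct toy_object *obj, int write)
{
	const struct audit_state *st = lsm_blob(&audit_lsm, obj);
	return write ? st->writes : st->reads;
}

size_t toy_audit_offset(void) { return audit_lsm.blob_offset; }

int main(void)
{
	struct toy_object obj;

	if (toy_setup() || toy_object_alloc(&obj))
		return 1;
	toy_object_access(&obj, 0);
	toy_object_access(&obj, 1);	/* denied by "readonly", still counted by "audit" */
	printf("reads=%u writes=%u audit offset=%zu\n",
	       toy_audit_count(&obj, 0), toy_audit_count(&obj, 1), toy_audit_offset());
	toy_object_free(&obj);
	return 0;
}
```

The denied write is still visible to the audit module's counter because the core never stops walking the chain on an error; a core that returned at the first -EACCES would silently drop that state update, which is exactly the failure mode the reply warns about. The container wishlist in the quoted message would map onto the same loop: a module registered later can only add denials, since the first non-zero result is what is returned and a later 0 cannot override it.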