On Thu, Jun 6, 2019 at 12:09 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > > On 6/6/2019 10:18 AM, Andy Lutomirski wrote: > > On Thu, Jun 6, 2019 at 8:06 AM David Howells <dhowells@xxxxxxxxxx> wrote: > >> Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote: > > Casey, I think you need to state your requirement in a way that's well > > defined, and I think you need to make a compelling case that your > > requirement is indeed worth dictating the design of parts of the > > kernel outside LSM. > > Err, no, I don't believe so. There's a whole lot more > going on in this discussion than just what's going on > within the LSMs. Using examples from the LSMs makes it > easier, because their policies are better defined than > the "legacy" policies are. The most important part of the > discussion is about ensuring that the event mechanism > doesn't circumvent the legacy policies. Yes, I understand > that you don't know what that means, or has to do with > anything. > > Indeed, I do not know what you have in mind about making sure this mechanism doesn't circumvent legacy policies. Can you elaborate? --Andy
