On Tue, Jul 24, 2007 at 01:58:46AM -0700, Andrew Morton wrote:
> On Tue, 24 Jul 2007 01:53:58 -0700 Greg KH <[EMAIL PROTECTED]> wrote:
>
> > On Tue, Jul 24, 2007 at 01:02:24AM -0700, Andrew Morton wrote:
> > > On Sat, 14 Jul 2007 12:37:01 -0400 (EDT) James Morris <[EMAIL PROTECTED]>
> > > wrote:
On Tue, 24 Jul 2007 01:53:58 -0700 Greg KH <[EMAIL PROTECTED]> wrote:
> On Tue, Jul 24, 2007 at 01:02:24AM -0700, Andrew Morton wrote:
> > On Sat, 14 Jul 2007 12:37:01 -0400 (EDT) James Morris <[EMAIL PROTECTED]>
> > wrote:
> >
> > > Convert LSM into a static interface
> >
> > allmodconfig
On Tue, Jul 24, 2007 at 01:02:24AM -0700, Andrew Morton wrote:
> On Sat, 14 Jul 2007 12:37:01 -0400 (EDT) James Morris <[EMAIL PROTECTED]>
> wrote:
>
> > Convert LSM into a static interface
>
> allmodconfig broke
>
> security/built-in.o: In function `rootplug_bprm_check_security':
>
On Sat, 14 Jul 2007 12:37:01 -0400 (EDT) James Morris <[EMAIL PROTECTED]> wrote:
> Convert LSM into a static interface
allmodconfig broke
security/built-in.o: In function `rootplug_bprm_check_security':
security/root_plug.c:64: undefined reference to `usb_find_device'
security/root_plug.c:70:
On Sat, 14 Jul 2007 12:37:01 -0400 (EDT) James Morris [EMAIL PROTECTED] wrote:
Convert LSM into a static interface
allmodconfig broke
security/built-in.o: In function `rootplug_bprm_check_security':
security/root_plug.c:64: undefined reference to `usb_find_device'
security/root_plug.c:70:
On Tue, Jul 24, 2007 at 01:02:24AM -0700, Andrew Morton wrote:
On Sat, 14 Jul 2007 12:37:01 -0400 (EDT) James Morris [EMAIL PROTECTED]
wrote:
Convert LSM into a static interface
allmodconfig broke
security/built-in.o: In function `rootplug_bprm_check_security':
On Tue, 24 Jul 2007 01:53:58 -0700 Greg KH [EMAIL PROTECTED] wrote:
On Tue, Jul 24, 2007 at 01:02:24AM -0700, Andrew Morton wrote:
On Sat, 14 Jul 2007 12:37:01 -0400 (EDT) James Morris [EMAIL PROTECTED]
wrote:
Convert LSM into a static interface
allmodconfig broke
On Tue, Jul 24, 2007 at 01:58:46AM -0700, Andrew Morton wrote:
On Tue, 24 Jul 2007 01:53:58 -0700 Greg KH [EMAIL PROTECTED] wrote:
On Tue, Jul 24, 2007 at 01:02:24AM -0700, Andrew Morton wrote:
On Sat, 14 Jul 2007 12:37:01 -0400 (EDT) James Morris [EMAIL PROTECTED]
wrote:
Quoting Arjan van de Ven ([EMAIL PROTECTED]):
>
> >
> > :)
> >
> > Actually, given that when lsm was being introduced, lsm seemed to
> > improve performance overall, have you taken any measurements to show
> > that this is actually the case? Of course it makes sense that it would,
> > but
>
> :)
>
> Actually, given that when lsm was being introduced, lsm seemed to
> improve performance overall, have you taken any measurements to show
> that this is actually the case? Of course it makes sense that it would,
> but witjout measurements we do not know.
SuSE did a bunch of
* Serge E. Hallyn ([EMAIL PROTECTED]) wrote:
> Actually, given that when lsm was being introduced, lsm seemed to
> improve performance overall, have you taken any measurements to show
> that this is actually the case? Of course it makes sense that it would,
> but witjout measurements we do not
On Thu, Jul 19, 2007 at 09:54:30AM -0700, Arjan van de Ven wrote:
> the next step after this patch is to have an option to get rid of all
> the function pointer chasing (which is expensive) for the case where you
> know you only want one security module (which you then can turn on or
> off)...
Quoting Arjan van de Ven ([EMAIL PROTECTED]):
>
> > Right, the ability to boot with security.capability=disabpled (or
> > whatever) and then load a custom module without having to use a whole
> > new kernel is something I'm sure end-users want.
> >
> > Especially since compiling a kernel which
> Right, the ability to boot with security.capability=disabpled (or
> whatever) and then load a custom module without having to use a whole
> new kernel is something I'm sure end-users want.
>
> Especially since compiling a kernel which works with, say, a default
> fedora install, with lvm etc,
On Thu, Jul 19, 2007 at 08:37:27AM -0500, Serge E. Hallyn wrote:
> Quoting James Morris ([EMAIL PROTECTED]):
> > On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
> >
> > > > It's already pretty clear.
> > >
> > > I doubt anyone not on lkml or linux-security-module has heard of this.
> > >
> > > So
On Thu, Jul 19, 2007 at 09:19:56AM -0400, James Morris wrote:
> On Thu, 19 Jul 2007, James Morris wrote:
>
> > On Thu, 19 Jul 2007, Jim Kovaric wrote:
> >
> > > IBMs TAMOS (Tivoli Access Manager for Operating systems) contains a
> > > loadable module,
> > > which is an "out of tree module",
On Thu, Jul 19, 2007 at 09:19:56AM -0400, James Morris wrote:
> Is my understanding correct?
>
> You're shipping this to customers as a security feature?
It's the usual Tivoli crap, what would you expect?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a
Quoting James Morris ([EMAIL PROTECTED]):
> On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
>
> > > It's already pretty clear.
> >
> > I doubt anyone not on lkml or linux-security-module has heard of this.
> >
> > So we'll see.
> >
> > (I was, obviously, talking about end-users)
>
> If
On 7/19/07, Alan Cox <[EMAIL PROTECTED]> wrote:
> Please distinguish between "cater to" and "support". If the kernel
> didn't worry about supporting out-of-tree code, then why would there
> be loadable module at all?
Memory usage, flexibility, debugging.
Module support was not added for
On Thu, 19 Jul 2007, James Morris wrote:
> On Thu, 19 Jul 2007, Jim Kovaric wrote:
>
> > IBMs TAMOS (Tivoli Access Manager for Operating systems) contains a
> > loadable module,
> > which is an "out of tree module", and registers "itself" as a security
> > module during the TAMOS startup
>
On Thu, Jul 19, 2007 at 07:56:53AM -0500, Scott Preece wrote:
> On 7/19/07, James Morris <[EMAIL PROTECTED]> wrote:
>> On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
>>
>> > If we could get a few (non-afilliated :) people who work with
>> > customers in the security field to tell us whether this is
> Please distinguish between "cater to" and "support". If the kernel
> didn't worry about supporting out-of-tree code, then why would there
> be loadable module at all?
Memory usage, flexibility, debugging.
Module support was not added for external modules.
-
To unsubscribe from this list: send
On Thu, 19 Jul 2007, Jim Kovaric wrote:
> IBMs TAMOS (Tivoli Access Manager for Operating systems) contains a
> loadable module,
> which is an "out of tree module", and registers "itself" as a security
> module during the TAMOS startup
> process. It also requires that SElinux be "disabled"
On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
> > It's already pretty clear.
>
> I doubt anyone not on lkml or linux-security-module has heard of this.
>
> So we'll see.
>
> (I was, obviously, talking about end-users)
If distributions are shipping binary modules and other out of tree code to
On 7/19/07, James Morris <[EMAIL PROTECTED]> wrote:
On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
> If we could get a few (non-afilliated :) people who work with
> customers in the security field to tell us whether this is being
> used, that would be very helpful. Not sure how to get that.
The
Quoting James Morris ([EMAIL PROTECTED]):
> On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
>
> > If we could get a few (non-afilliated :) people who work with
> > customers in the security field to tell us whether this is being
> > used, that would be very helpful. Not sure how to get that.
>
>
On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
> If we could get a few (non-afilliated :) people who work with
> customers in the security field to tell us whether this is being
> used, that would be very helpful. Not sure how to get that.
The mainline kernel does not cater to out of tree code.
>
Quoting Christian Ehrhardt ([EMAIL PROTECTED]):
> On Wed, Jul 18, 2007 at 06:35:03PM -0700, Andrew Morton wrote:
> > On Sat, 14 Jul 2007 12:37:01 -0400 (EDT)
> > James Morris <[EMAIL PROTECTED]> wrote:
> >
> > > Convert LSM into a static interface, as the ability to unload a security
> > > module
On Wed, Jul 18, 2007 at 06:35:03PM -0700, Andrew Morton wrote:
> On Sat, 14 Jul 2007 12:37:01 -0400 (EDT)
> James Morris <[EMAIL PROTECTED]> wrote:
>
> > Convert LSM into a static interface, as the ability to unload a security
> > module is not required by in-tree users and potentially
On Wed, Jul 18, 2007 at 10:42:09PM -0400, James Morris wrote:
> On Wed, 18 Jul 2007, Andrew Morton wrote:
> > aww man, you passed over an opportunity to fix vast amounts of coding style
> > cruftiness.
>
> GregKH-esque :-)
Yeah, sorry, that was when I was young and foolish and liked to bang on
On Wed, Jul 18, 2007 at 10:42:09PM -0400, James Morris wrote:
On Wed, 18 Jul 2007, Andrew Morton wrote:
aww man, you passed over an opportunity to fix vast amounts of coding style
cruftiness.
GregKH-esque :-)
Yeah, sorry, that was when I was young and foolish and liked to bang on
the
On Wed, Jul 18, 2007 at 06:35:03PM -0700, Andrew Morton wrote:
On Sat, 14 Jul 2007 12:37:01 -0400 (EDT)
James Morris [EMAIL PROTECTED] wrote:
Convert LSM into a static interface, as the ability to unload a security
module is not required by in-tree users and potentially complicates the
Quoting Christian Ehrhardt ([EMAIL PROTECTED]):
On Wed, Jul 18, 2007 at 06:35:03PM -0700, Andrew Morton wrote:
On Sat, 14 Jul 2007 12:37:01 -0400 (EDT)
James Morris [EMAIL PROTECTED] wrote:
Convert LSM into a static interface, as the ability to unload a security
module is not
On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
If we could get a few (non-afilliated :) people who work with
customers in the security field to tell us whether this is being
used, that would be very helpful. Not sure how to get that.
The mainline kernel does not cater to out of tree code.
Or
Quoting James Morris ([EMAIL PROTECTED]):
On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
If we could get a few (non-afilliated :) people who work with
customers in the security field to tell us whether this is being
used, that would be very helpful. Not sure how to get that.
The mainline
On 7/19/07, James Morris [EMAIL PROTECTED] wrote:
On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
If we could get a few (non-afilliated :) people who work with
customers in the security field to tell us whether this is being
used, that would be very helpful. Not sure how to get that.
The
On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
It's already pretty clear.
I doubt anyone not on lkml or linux-security-module has heard of this.
So we'll see.
(I was, obviously, talking about end-users)
If distributions are shipping binary modules and other out of tree code to
their
On Thu, 19 Jul 2007, Jim Kovaric wrote:
IBMs TAMOS (Tivoli Access Manager for Operating systems) contains a
loadable module,
which is an out of tree module, and registers itself as a security
module during the TAMOS startup
process. It also requires that SElinux be disabled
Please
Please distinguish between cater to and support. If the kernel
didn't worry about supporting out-of-tree code, then why would there
be loadable module at all?
Memory usage, flexibility, debugging.
Module support was not added for external modules.
-
To unsubscribe from this list: send the
On Thu, Jul 19, 2007 at 07:56:53AM -0500, Scott Preece wrote:
On 7/19/07, James Morris [EMAIL PROTECTED] wrote:
On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
If we could get a few (non-afilliated :) people who work with
customers in the security field to tell us whether this is being
used,
On Thu, 19 Jul 2007, James Morris wrote:
On Thu, 19 Jul 2007, Jim Kovaric wrote:
IBMs TAMOS (Tivoli Access Manager for Operating systems) contains a
loadable module,
which is an out of tree module, and registers itself as a security
module during the TAMOS startup
process. It
On 7/19/07, Alan Cox [EMAIL PROTECTED] wrote:
Please distinguish between cater to and support. If the kernel
didn't worry about supporting out-of-tree code, then why would there
be loadable module at all?
Memory usage, flexibility, debugging.
Module support was not added for external
Quoting James Morris ([EMAIL PROTECTED]):
On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
It's already pretty clear.
I doubt anyone not on lkml or linux-security-module has heard of this.
So we'll see.
(I was, obviously, talking about end-users)
If distributions are shipping
On Thu, Jul 19, 2007 at 09:19:56AM -0400, James Morris wrote:
Is my understanding correct?
You're shipping this to customers as a security feature?
It's the usual Tivoli crap, what would you expect?
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a
On Thu, Jul 19, 2007 at 09:19:56AM -0400, James Morris wrote:
On Thu, 19 Jul 2007, James Morris wrote:
On Thu, 19 Jul 2007, Jim Kovaric wrote:
IBMs TAMOS (Tivoli Access Manager for Operating systems) contains a
loadable module,
which is an out of tree module, and registers
On Thu, Jul 19, 2007 at 08:37:27AM -0500, Serge E. Hallyn wrote:
Quoting James Morris ([EMAIL PROTECTED]):
On Thu, 19 Jul 2007, Serge E. Hallyn wrote:
It's already pretty clear.
I doubt anyone not on lkml or linux-security-module has heard of this.
So we'll see.
(I
Right, the ability to boot with security.capability=disabpled (or
whatever) and then load a custom module without having to use a whole
new kernel is something I'm sure end-users want.
Especially since compiling a kernel which works with, say, a default
fedora install, with lvm etc, is not
Quoting Arjan van de Ven ([EMAIL PROTECTED]):
Right, the ability to boot with security.capability=disabpled (or
whatever) and then load a custom module without having to use a whole
new kernel is something I'm sure end-users want.
Especially since compiling a kernel which works with,
On Thu, Jul 19, 2007 at 09:54:30AM -0700, Arjan van de Ven wrote:
the next step after this patch is to have an option to get rid of all
the function pointer chasing (which is expensive) for the case where you
know you only want one security module (which you then can turn on or
off)... that
* Serge E. Hallyn ([EMAIL PROTECTED]) wrote:
Actually, given that when lsm was being introduced, lsm seemed to
improve performance overall, have you taken any measurements to show
that this is actually the case? Of course it makes sense that it would,
but witjout measurements we do not know.
:)
Actually, given that when lsm was being introduced, lsm seemed to
improve performance overall, have you taken any measurements to show
that this is actually the case? Of course it makes sense that it would,
but witjout measurements we do not know.
SuSE did a bunch of measurement I
Quoting Arjan van de Ven ([EMAIL PROTECTED]):
:)
Actually, given that when lsm was being introduced, lsm seemed to
improve performance overall, have you taken any measurements to show
that this is actually the case? Of course it makes sense that it would,
but witjout
On Wed, 18 Jul 2007, James Morris wrote:
On Wed, 18 Jul 2007, Andrew Morton wrote:
The SECURITY_FRAMEWORK_VERSION macro has also been removed.
I'd like to understand who is (or claims to be) adversely affected by this
change, and what their complaints (if any) will be.
Because I prefer my
On Wed, 18 Jul 2007, Andrew Morton wrote:
> > The SECURITY_FRAMEWORK_VERSION macro has also been removed.
>
> I'd like to understand who is (or claims to be) adversely affected by this
> change, and what their complaints (if any) will be.
>
> Because I prefer my flamewars pre- rather than
On Sat, 14 Jul 2007 12:37:01 -0400 (EDT)
James Morris <[EMAIL PROTECTED]> wrote:
> Convert LSM into a static interface, as the ability to unload a security
> module is not required by in-tree users and potentially complicates the
> overall security architecture.
>
> Needlessly exported LSM
On Sat, 2007-07-14 at 12:37 -0400, James Morris wrote:
> Convert LSM into a static interface, as the ability to unload a security
> module is not required by in-tree users and potentially complicates the
> overall security architecture.
>
> Needlessly exported LSM symbols have been unexported, to
On Sat, 2007-07-14 at 12:37 -0400, James Morris wrote:
Convert LSM into a static interface, as the ability to unload a security
module is not required by in-tree users and potentially complicates the
overall security architecture.
Needlessly exported LSM symbols have been unexported, to help
On Sat, 14 Jul 2007 12:37:01 -0400 (EDT)
James Morris [EMAIL PROTECTED] wrote:
Convert LSM into a static interface, as the ability to unload a security
module is not required by in-tree users and potentially complicates the
overall security architecture.
Needlessly exported LSM symbols have
On Wed, 18 Jul 2007, Andrew Morton wrote:
The SECURITY_FRAMEWORK_VERSION macro has also been removed.
I'd like to understand who is (or claims to be) adversely affected by this
change, and what their complaints (if any) will be.
Because I prefer my flamewars pre- rather than post-merge.
On Wed, 18 Jul 2007, James Morris wrote:
On Wed, 18 Jul 2007, Andrew Morton wrote:
The SECURITY_FRAMEWORK_VERSION macro has also been removed.
I'd like to understand who is (or claims to be) adversely affected by this
change, and what their complaints (if any) will be.
Because I prefer my
In article <[EMAIL PROTECTED]> you wrote:
> Convert LSM into a static interface, as the ability to unload a security
> module is not required by in-tree users and potentially complicates the
> overall security architecture.
>
> Needlessly exported LSM symbols have been unexported, to help reduce
In article [EMAIL PROTECTED] you wrote:
Convert LSM into a static interface, as the ability to unload a security
module is not required by in-tree users and potentially complicates the
overall security architecture.
Needlessly exported LSM symbols have been unexported, to help reduce API
62 matches
Mail list logo