On Thu, Jul 19, 2007 at 07:56:53AM -0500, Scott Preece wrote: > On 7/19/07, James Morris <[EMAIL PROTECTED]> wrote: >> On Thu, 19 Jul 2007, Serge E. Hallyn wrote: >> >> > If we could get a few (non-afilliated :) people who work with >> > customers in the security field to tell us whether this is being >> > used, that would be very helpful. Not sure how to get that. >> >> The mainline kernel does not cater to out of tree code. > > Please distinguish between "cater to" and "support". If the kernel > didn't worry about supporting out-of-tree code, then why would there > be loadable module at all? >...
Distribution kernels need modules or the kernel images would be extremely large. > Another twist is to use a tool to generate the module from a > policy-definition file; this could be done at boot-time or could be > done to replace the current policy on a running system (perhaps to add > a new domain corresponding to a newly added service). Yes, this would > need to be done with a lot of care, but part of providing mechanism > (rather than policy) is enabling people to use the mechanism in the > ways they prefer. Why do you need to generate a module for changing a policy? Software like SELinux contains the mechanisms to change the policy without having to change the kernel. > scott cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/