On Tue, 26 Jun 2007, Kazuki Omo(Company) wrote: > Folks, > > May I ask some foolish questions? > I just want to make sure what do we need > if we want to put new security module(which is using LSM) in mainline.
(Note, the following are just my opinions). > > 1. Does it have to provide complete "MAC" which Casey Schaufler > explained in below mail? > http://marc.info/?l=linux-kernel&m=118252843017261&w=2 No. > 2. Does it have to provide any solution which SELinux can't cover? > > 3. Do we have to proof the new security module "can't" implement > as policy on SELinux? The questions I would ask, given that SELinux has been upstream for several years, and that SELinux is itself an extensible security framework designed to allow composition of different security models in a consistent manner: - why would you duplicate existing functionality ? - did you try and solve the problem with SELinux (either using the existing models or by adding new ones) ? More generally, I would question whether Linux is really best served by a disparate set of security schemes with no underlying design. > 4. Does it have to provide complete security feature from beginning? > Can we implement just small features to mainline and develop > new features in same time? This varies between subsystems, but it would probably need to meet a useful set of goals. > 5. Does it have to have any Security model which documented/evaluated > in academic conference? No, but you should be able to explain the requirements, the model and the implementation. -- James Morris <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
