28 Feb
2004
28 Feb
'04
11:51 a.m.
Hasse Hagen Johansen <hhj(a)musikcheck.dk> writes:
Hmm. There is some discussion if the LSM is actually
very secure. That
why RSBAC is not using/is implemented as an LSM, but of course there
is always discussions...
All the complaints I've seen about LSM were rather vague, and mostly
seem motivated by discontent that someone else's security hooks got
introduced into the mainline kernel. The current hooks are quite
adequate for my simple needs.
Do you know of any specific security problems that I should watch out
for? None have been mentioned on the linux-security-module mailing
list.
I was actualy thinking about if I could use EA/ACL
and/or rsbac or
grsecurity, for granting specific users running specific executables
the Realtime capability
That would be nice. How would you propose to go about it?
To have any traction as a general solution for Linux Audio, a solution
needs to be based on generally-available code. There is no point in
telling users or distibutions: "apply this 30,000-line patch to your
kernel, then tag the following 127 files with Access Control Lists."
It won't happen.
--
joq