
Re: Paris MiniDebConf Minutes



On Mon, Nov 08, 2010 at 12:31:15PM -0800, Kees Cook wrote:
> Hi,
> 
> On Sat, 2010-11-06 at 22:23 +0000, Ben Hutchings wrote:
> > On Sun, 2010-11-07 at 03:43 +0530, Ritesh Raj Sarraf wrote:
> > > The wiki lists most items marked as done. I am just curious to know what
> > > decision has been made for AppArmor. Will it be enabled?
> >
> > Only if we can find a way to make it modular or discardable.
> 
> Hm? LSMs cannot be made modular.

Currently, no.  Is there a logical reason why this is unfeasible?

> AppArmor is upstream already, so the
> question on the agenda was to add back the old-style interface methods
> and network mediation (so the userspace tools will work sanely). The
> desired LSM is selected at boot-time, so that's highly "discardable". :)
> The agenda item wasn't asking for it to be the default LSM, just to be
> available at all.
 
By 'discardable' I mean that it would be possible to free the memory used
for its code and static data if it was not used (similar to the way init
code is discarded after boot).

Ben.

-- 
Ben Hutchings
We get into the habit of living before acquiring the habit of thinking.
                                                              - Albert Camus

