Re: realtime-lsm and Debian kernel

To: Geiger Guenter <geiger@master.debian.org>
Cc: debian-kernel@lists.debian.org
Subject: Re: realtime-lsm and Debian kernel
From: Christoph Hellwig <hch@lst.de>
Date: Tue, 11 Oct 2005 13:27:27 +0200
Message-id: <[🔎] 20051011112727.GA8167@lst.de>
In-reply-to: <[🔎] 20051011112420.GA14796@master.debian.org>
References: <[🔎] 20051011112420.GA14796@master.debian.org>

On Tue, Oct 11, 2005 at 06:24:20AM -0500, Geiger Guenter wrote:
> This means that it has to be dropped. Thats ok with me, it means less
> work. What was the reason again for not including the capabilities as
> a module ?

Making Security modules actually modular means they don't have the full
view of the process and generally is a bad idea.  For the specific case
of capabilities there even was an exploit in the past.  If we want to
support a given security module in debian we should compile it into the
kernel statically.

Reply to:

Follow-Ups:
- Re: realtime-lsm and Debian kernel
  - From: Horms <horms@debian.org>

References:
- Re: realtime-lsm and Debian kernel
  - From: Geiger Guenter <geiger@master.debian.org>

Prev by Date: linux-2.6_2.6.13-1_ia64.changes ACCEPTED
Next by Date: Bug#333052: insmod race?
Previous by thread: Re: realtime-lsm and Debian kernel
Next by thread: Re: realtime-lsm and Debian kernel
Index(es):
- Date
- Thread