[Bugme-new] [Bug 19722] New: please allow module LSM
bugzilla-daemon at bugzilla.kernel.org
bugzilla-daemon at bugzilla.kernel.org
Mon Oct 4 04:07:28 PDT 2010
https://bugzilla.kernel.org/show_bug.cgi?id=19722
Summary: please allow module LSM
Product: Other
Version: 2.5
Kernel Version: 2.6.36-rc5
Platform: All
OS/Version: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: Loadable Security Modules (LSM)
AssignedTo: other_lsm at kernel-bugs.osdl.org
ReportedBy: rrs at researchut.com
Regression: No
Given that we have multiple LSM implementations (SELinux, SMACK, AppArmor,
TOMOYO) and that only one can be used effectively at a time, it makes more
sense to not enable and load all off them in to memory.
By current design of non-modular LSMs, it becomes very difficult for a general
purpose distribution like Debian to support all users with a single kernel
flavor. It is also impractical to build linux-image-selinux ,
linux-image-apparmor, linux-image-tomoyo et cetera.
Building all the features and setting default to False works but is regarded as
inefficient and bloated. Can LSM be made modular ? Otherwise, can the image
size be trimmed at runtime after determining the effective LSM in use ?
BTW: Is it correct in the bugzilla reference ? It states Loadable Security
Module.
--
Configure bugmail: https://bugzilla.kernel.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the Bugme-new
mailing list