[Bugme-new] [Bug 19722] New: please allow module LSM

bugzilla-daemon at bugzilla.kernel.org bugzilla-daemon at bugzilla.kernel.org
Mon Oct 4 04:07:28 PDT 2010


https://bugzilla.kernel.org/show_bug.cgi?id=19722

           Summary: please allow module LSM
           Product: Other
           Version: 2.5
    Kernel Version: 2.6.36-rc5
          Platform: All
        OS/Version: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: Loadable Security Modules (LSM)
        AssignedTo: other_lsm at kernel-bugs.osdl.org
        ReportedBy: rrs at researchut.com
        Regression: No


Given that we have multiple LSM implementations (SELinux, SMACK, AppArmor,
TOMOYO) and that only one can be used effectively at a time, it makes more
sense to not enable and load all of them into memory.

By current design of non-modular LSMs, it becomes very difficult for a general
purpose distribution like Debian to support all users with a single kernel
flavor. It is also impractical to build linux-image-selinux,
linux-image-apparmor, linux-image-tomoyo et cetera.

Building all the features and setting default to False works but is regarded as
inefficient and bloated. Can LSM be made modular? Otherwise, can the image
size be trimmed at runtime after determining the effective LSM in use?

BTW: Is it correct in the bugzilla reference? It states Loadable Security
Module.
