Re: LSM conversion to static interface

On Fri, 19 Oct 2007, Andreas Gruenbacher wrote:

> Quoting from commit 20510f2f (Convert LSM into a static interface):

quoted text

> > In a nutshell, there is no safe way to unload an LSM. The modular interface
> > is thus unecessary and broken infrastructure. It is used only by
> > out-of-tree modules, which are often binary-only, illegal, abusive of the
> > API and dangerous, e.g. silently re-vectoring SELinux.
>
> This is idiotic. Just because there is no safe way to unload SELinux
>
> - doesn't mean there is no safe way to unload other LSMs: if nothing
> but that, unloading is handy during development.

Can you provide an example of a real LSM which can be safely unloaded and
also needs to be unloaded?

Why should we maintain infrastructure and extra complexity in the kernel
for theoretical or unknown modules ?

Linus has asked for any valid out of tree users who need a dynamic
interface to step forward. Where are they?

As one of the people who actually maintains LSM (rather than simply
speculates about it), I object to maintaining infrastructure which, to the
best of my knowledge, is only used by out of tree, binary, broken junk.

If you recall, the original motivation for this patch was when the idea
of adding a new capability to control security model unload was raised.

That is, new security infrastructure was being proposed merely to cater to
some other existing unnecessary security infrastructure. So, rather than
doing that, I proposed removing the unnecessary infrastructure.

I agree with Linus: if you can demonstrate a valid, concrete use for
dynamic LSMs, then the infrastructure to support them can easily be
reinstated.

But until then, it seems both reasonable and in keeping with good kernel
development practices, to not maintain unused infrastructure.

- James
--
James Morris

unsubscribe notice

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


linux-kernel:
Greg KH	[GIT PATCH] driver core patches against 2.6.24
Tejun Heo	[PATCH 2/5] sysfs: simplify sysfs_rename_dir()
david	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Mark Weber	hdparm standby timeout not working for WD raptors?
git:

linux-netdev:
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Hugh Dickins	Re: [bug?] tg3: Failed to load firmware "tigon/tg3_tso.bin"
David Miller	[GIT]: Networking
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
openbsd-misc: