Linux Today: Linux News On Internet Time.

Pluggable Security

Oct 02, 2007, 13:30 (0 Talkback[s])

"'I think the decision to merge Smack is something that needs to be considered in the wider context of overall security architecture,' suggested James Morris following Andrew Morton's recent comment that he plans to merge the functionality in the upcoming 2.6.24 kernel. While James had no complaints about Smack itself, he expressed concerns regarding the pluggable nature of LSM, which is used by Smack, cautioning, 'if LSM remains, security will never be a first class citizen of the kernel,' adding, 'on a broader scale, we'll miss the potential of Linux having a coherent, semantically strong security architecture.' He noted that he'd rather see SELinux as the sole Linux security framework, 'merging Smack, however, would lock the kernel into the LSM API. Presently, as SELinux is the only in-tree user, LSM can still be removed...'"

Complete Story

Related Stories: