[rsbac] Remove LSM support from RSBAC 1.2.3-pre? Issues and musings.

Andreas Baetz lac01 at web.de
Wed Oct 15 08:42:55 MEST 2003

On Monday 13 October 2003 16:37, Amon Ott wrote:
> Hello again!
> After weeks of reflecting, I have almost decided to throw Linux Security
> Modules (LSM) support out of the RSBAC code and return to the original
> hooks. I will try to summarize my arguments and hereby ask you for your
> comments to come to a final decision.

I am convinced that amon did think over his arguments very thoroughly,
and that he does not base his decision on personal likes/dislikes, but rather
on facts of stability and security.

So if LSM is not able to handle all of the features RSBAC is offering, and those
features are to important to being dropped, IMHO it is better to have a secure
and stable solution and use the old, complete patch model.

I would think otherwise if RSBAC could somehow be integrated with LSM completely
or LSM could be changed to completely support RSBAC, because it seems to be better
to have a common base everyone can use than single solutions.

As for the moment, for me it seems most important that RSBAC is always working with
the actual stable kernel, regardless of LSM integration or not.


More information about the rsbac mailing list