Preferred subj= with multiple LSMs
James Morris
jmorris at namei.org
Mon Jul 22 20:50:35 UTC 2019
On Fri, 19 Jul 2019, Paul Moore wrote:
> > We've never had to think about having general rules on
> > what security modules do before, because with only one
> > active each could do whatever it wanted without fear of
> > conflict. If there is already a character that none of
> > the existing modules use, how would it be wrong to
> > reserve it?
>
> "We've never had to think about having general rules on what security
> modules do before..."
>
> We famously haven't imposed restrictions on the label format before
> now, and this seems like a pretty poor reason to start.
Agreed.
--
James Morris
<jmorris at namei.org>
More information about the Linux-security-module-archive
mailing list