ANN: new LSM guidelines

Serge E. Hallyn serge at hallyn.com
Mon Sep 11 13:03:47 UTC 2023


On Sat, Sep 09, 2023 at 09:46:02AM +0900, Tetsuo Handa wrote:
> On 2023/08/03 7:00, Paul Moore wrote:
> > * The new LSM must be sufficiently unique to justify the additional work
> > involved in reviewing, maintaining, and supporting the LSM.  It is reasonable
> > for there to be a level of overlap between LSMs, but either the security model
> > or the admin/user experience must be significantly unique.
> 
> s/work/burden/ ?
> 
> > * Any userspace tools or patches created in support of the LSM must be publicly
> > available, with a public git repository preferable over a tarball snapshot.
> 
> What is the definition of "publicly" here? Everyone can download related resources
> including the source code etc. anonymously (e.g. without asking for creating user
> account and/or buying subscriptions)?

Hm, that's a good point actually.  I would say that one must be able to fully
administer it with free (in both senses) tools, which must be used (let's aim
for the moon) in an included testsuite.  However, that doesn't need to be true
of "any" support tools.  If the author wants to sell some improved tools, I
think that's good.  But again, the free tools must always be able to configure
every aspect of the LSM.

-serge


