Bug 19722 - please allow module LSM
Summary: please allow module LSM
Status: RESOLVED INVALID
Alias: None
Product: Other
Classification: Unclassified
Component: Loadable Security Modules (LSM)
Hardware: All Linux
Importance: P1 normal
Assignee: Other/LSM
Reported: 2010-10-04 11:07 UTC by Ritesh Raj Sarraf
Modified: 2012-08-13 16:51 UTC

Kernel Version: 2.6.36-rc5
Regression: No


Description Ritesh Raj Sarraf 2010-10-04 11:07:24 UTC
Given that we have multiple LSM implementations (SELinux, SMACK, AppArmor, TOMOYO) and that only one can be used effectively at a time, it makes more sense to not enable and load all of them into memory.

By current design of non-modular LSMs, it becomes very difficult for a general purpose distribution like Debian to support all users with a single kernel flavor. It is also impractical to build linux-image-selinux, linux-image-apparmor, linux-image-tomoyo et cetera.

Building all the features and setting default to False works but is regarded as inefficient and bloated. Can LSM be made modular? Otherwise, can the image size be trimmed at runtime after determining the effective LSM in use?

BTW: Is it correct in the bugzilla reference? It states Loadable Security Module.
