LSS: LSM roundtable

Posted Sep 15, 2011 17:05 UTC (Thu) by BenHutchings (subscriber, #37955)
Parent article: LSS: LSM roundtable

Debian currently only compiles one LSM (SELinux) into its kernel due to the memory that gets wasted by the unused code for inactive LSMs.

Actually we have TOMOYO as well.

But Cook said all that was really needed was a way to unload all but the active LSM. As long as this unloading mechanism didn't touch the active LSM, and that the feature itself was optional, no one seemed to object to it. So it is mostly just a matter of someone finding the time to write the code.

This remains on my to-do list. I did make a start on this, and got as far as crashing the kernel at boot. ;-)

to post comments

LSS: LSM roundtable

Posted Sep 16, 2011 18:46 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link] (3 responses)

Please, please, please add AppArmor support in time for Wheeze.

App Armor Support for Wheezy

Posted Sep 18, 2011 15:14 UTC (Sun) by kreutzm (guest, #4700) [Link] (2 responses)

Hello Cyberax,

probably the best way forward is to file a wishlist bug ASAP.

App Armor Support for Wheezy

Posted Sep 18, 2011 17:21 UTC (Sun) by BenHutchings (subscriber, #37955) [Link] (1 responses)

#598408

App Armor Support for Wheezy

Posted Sep 20, 2011 2:45 UTC (Tue) by Cyberax (✭ supporter ✭, #52523) [Link]

Yeah.

How about this: if AppArmor work is finished before Wheeze release, then I'll send you a case of beer. Alternatively, I'll buy you a year of "maniacal supporter" subscription for LWN.