Re: [Dazuko-devel] Red Hat bug report for Dazuko

From: John Ogness
Subject: Re: [Dazuko-devel] Red Hat bug report for Dazuko
Date: Tue, 31 May 2005 14:45:20 +0200
Sami Tikka wrote:

We are trying to re-open the case about Dazuko with Red Hat.

John, would you like to step in and write your take on the Red Hat bugzilla report. The URL is above.

Hi Sami,

I created an account and posted a comment to the bug report. I am curious how they respond.

A related question: why does capability break LSM-stacking when capabilities are built in to the kernel? It seems that built-in capability support does not use LSM at all. Or am I mistaken?

Capability uses LSM. It makes absolutely no difference to the kernel if something is loaded as a module or built into the kernel. The exact same init() and hooking routines are used. Any kernel that has "capability" built into the kernel has no LSM stacking support.

Dazuko is also capable of disabling stacking support when you use:


when configuring Dazuko. It is much easier for a module *not* to support stacking. For this reason most don't support it. LSM stacking is (in my opinion) a flawed design and it is a feature that is way over-hyped. It causes many more problems than it solves. This is one of the main motivations for getting Dazuko away from LSM and instead using DazukoFS (in the VFS layer).

John Ogness

Dazuko Maintainer

