[OpenAFS] OpenAFS & Linux kernel 2.6: please have a trackable bug report / task ?

[Russ Allbery]

Lester Barrows <barrows@email.arc.nasa.gov> writes:

> That's true, but I'd have to believe that a vendor such as Redhat will
> include the option to secure their distribution to the best of their
> ability. This would be particularly true with an enterprise OS vendor as
> their customers will demand it. At the very least they are likely to
> include a "secure" kernel alongside their standard builds, much as they
> do with e.g. bigmem kernels. I believe there have been people from RH
> following this list, is anyone around who could confirm/deny this?

The issue there is more that "including the Linux Security Module" !=
secure.  As I understand it, it's a bunch of hooks for doing
security-related things that for the most part people don't use, and which
would require some real reworking of a lot of standard procedures to take
full advantage of.  So it's not completely obvious to me that Red Hat will
ship it, although they might.

> Beyond that, it seems that it would be easier to request a distribution
> which didn't already include it to add a secure kernel, built with
> slightly different options, rather than asking them to apply a patch
> which isn't part of the base kernel. If making OpenAFS can be made to
> work at great effort without touching the security module that's good,
> but if the wheel already exists, is simpler to implement for and
> technically sound as well it seems a waste not to use it.

This I agree with.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>