"There are so many great projects that add security to the Linux kernel. GRSecurity and PaX come to mind immediately. But these products could do so much more if they, or at least some portions of their technology, were included in the base Linux kernel."

You haven't been looking.

PARTS of both have been accepted, though not implemented in the way those projects chose.

And to be accepted into the kernel REQUIRES the project developers to LISTEN to the kernel developers, and accept guidance on HOW to implement certain features.

If they don't, then their project will forever remain outside the kernel.

Some of the objections have been the use of depreciated interfaces, refusal to accept guidance, refusal to break down the changes into manageable and understandable chunks, and refusal to use facilities that are already in the kernel (ie - LSM).

Some of the features of these projects have been implemented via the LSM.

And you will note that the LSM and SELinux has been accepted into the core.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/308/30980#30980