On Thu, 08 Mar 2007 17:58:16 EST, Mimi Zohar said:
> This is a request for comments for a new Integrity Based Access
> Control(IBAC) LSM module which bases access control decisions
> on the new integrity framework services. 
> 
> (Hopefully this will help clarify the interaction between an LSM 
> module and LIM module.)

OK, between this and the additional LIM hooks I didn't notice in an earlier
patch, we're starting to see the API.   The only problem is that although
it may be the right API for *your* code, I suspect it's a non-starter without
a discussion about whether it's the right *generic* API for an LIM (which will
require at least one dramatic bun fight about what "Integrity" means).

> Index: linux-2.6.21-rc3-mm2/security/ibac/Kconfig
 
Minor congnitive-dissonance alert:

> +config SECURITY_IBAC_BOOTPARAM
> +	bool "IBAC boot parameter"
> +	depends on SECURITY_IBAC
> +	default y

> +	  If you are unsure how to answer this question, answer N.

The 'default' should in general match the hint we give the user.