Emily Ratliff posted a summary of the recent USENIX "Birds of a Feather" (BOF) discussion about the Linux Security Module effort. This effort is trying to devise a set of Linux kernel hooks to support "plugging in" to Linux support for advanced security policies.

In particular, discussion has ranged over whether or not the "hooks" being inserted should be restrictive (only limit further what can be done) or permissive (can add NEW permissions). Permissive approaches are more flexible, but far more difficult to get right. It looks like the current approach is to only support restrictive approaches, and add permissive approaches later; if permissive approaches are added, they'll be separate (so that those who only need restrictive approaches don't have to deal with the additional complexity of permissive approaches).
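The following C sketch is an added example, not code from the LSM project or the BOF summary. It models the two hook styles to show why permissive hooks are harder to get right: a buggy restrictive module can at worst fall back to the base decision, while a buggy permissive module can grant access the base check denied. All type, function and variable names are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model for illustration; not the LSM project's hook interface. */
struct request { int uid; int owner_uid; int label_ok; };

/* Simplified base (DAC-style) check: root or the owner may access. */
static int base_check(const struct request *r) {
    return (r->uid == 0 || r->uid == r->owner_uid) ? 0 : -EACCES;
}

/* Restrictive hook: 0 = no objection, negative errno = veto. */
typedef int (*restrictive_hook)(const struct request *);
/* Permissive hook: sees the base verdict and returns the final one. */
typedef int (*permissive_hook)(const struct request *, int base_rc);

/* Hooks run only after the base check allowed; they can only deny. */
int decide_restrictive(const struct request *r, const restrictive_hook *h, size_t n) {
    int rc = base_check(r);
    for (size_t i = 0; rc == 0 && i < n; i++)
        rc = h[i](r);
    return rc;
}

/* The hook's answer is final, so it may grant what the base check denied. */
int decide_permissive(const struct request *r, permissive_hook h) {
    return h(r, base_check(r));
}

/* Constructed sample modules. */
int label_hook(const struct request *r) { return r->label_ok ? 0 : -EACCES; }
int buggy_hook(const struct request *r) { (void)r; return 0; }
int buggy_permissive_hook(const struct request *r, int base_rc) {
    (void)r; (void)base_rc; return 0;   /* bug: ignores the base verdict */
}

/* Constructed sample requests. */
const struct request NON_OWNER = { 1000, 0, 1 };          /* base check denies */
const struct request OWNER_BAD_LABEL = { 1000, 1000, 0 }; /* base allows, label fails */
const restrictive_hook BUGGY[] = { buggy_hook };
const restrictive_hook LABEL[] = { label_hook };

int main(void) {
    printf("restrictive+buggy: %d\n", decide_restrictive(&NON_OWNER, BUGGY, 1));
    printf("permissive+buggy:  %d\n", decide_permissive(&NON_OWNER, buggy_permissive_hook));
    printf("restrictive+label: %d\n", decide_restrictive(&OWNER_BAD_LABEL, LABEL, 1));
    return 0;
}
```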

The link for this article located at USENIX is no longer available.