* Serge E. Hallyn ([email protected]) wrote:
> Quoting Chris Wright ([email protected]):
> > This is all fine. The question is whether this is a policy management
> > issue or a kernel infrastructure issue. So far, it's not clear that this
> > really necessitates kernel infrastructure changes to support container
> > aware policies to be loaded by physical host admin/owner or the virtual
> > host admin. The place where it breaks down is if each virtual host
> > wants not only to control its own policy, but also its security model.
>
> What do you define as 'policy', and how is it different from the
> security model?
Model, as in TE, RBAC, or something trivially simple ala Openwall type
protection. Policy, as in rules to drive the model.
> Second, we might want container admins to insert LSMs.
I think we can agree that this way lies madness.
thanks,
-chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
