Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Karl MacMillan wrote:
> Which is one reason why SELinux has types (equivalence classes) - it
> makes it possible to group large numbers of applications or resources
> into the same security category. The targeted policy that ships with
> RHEL / Fedora shows how this works in practice.
>   
AppArmor (then called "SubDomain") showed how this worked in practice
years before the Targeted Policy came along. The Targeted Policy
implements an approximation to the AppArmor security model, but does it
with domains and types instead of path names, imposing a substantial
cost in ease-of-use on the user.

Crispin
-- 
Crispin Cowan, Ph.D.                      http://crispincowan.com/~crispin/
Director of Software Engineering, Novell  http://novell.com

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux