Karl MacMillan wrote:
> Which is one reason why SELinux has types (equivalence classes) - it
> makes it possible to group large numbers of applications or resources
> into the same security category. The targeted policy that ships with
> RHEL / Fedora shows how this works in practice.
>
AppArmor (then called "SubDomain") showed how this worked in practice
years before the Targeted Policy came along. The Targeted Policy
implements an approximation to the AppArmor security model, but does it
with domains and types instead of path names, imposing a substantial
cost in ease-of-use on the user.
Crispin
--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering, Novell http://novell.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]