--- Stephen Smalley <[email protected]> wrote:
> This would be fine, if the technical approach were
> sound (not necessarily the same as SELinux, but
sound)
Please accept that this is a judgement call.
> and fit properly with the LSM interface.
Of course LSM will fit SELinux better than it fits
AppArmour, LSM has been adapted to fit the needs
of SELinux. Once AppArmour, LIDS, and friends have
been accepted LSM will adjust to serve them better
just as it has done for SELinux. If the arguement
is that a module can't be accepted because it
doesn't do the same things SELinux does, and that
there's no point in accepting it if it does the
same things SELinux does I will admit that you have
all the bases covered.
> But the path-based approach isn't technically sound,
That is certainly true for a Common Criteria
system. There are clued individuals who understand
all the underlying technology who still care
about *any* file called /etc/shadow, chroot, mount,
vfs, and phase of the moon notwithstanding.
> and even if we were to assume that it was, it isn't
even
> a good fit for the LSM hook interfaces.
SELinux wasn't always a good fit either. LSM
accomodated SELinux. Offer the same community
cooperation to other you have yourself received.
Casey Schaufler
[email protected]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
