On Wed, 2006-04-19 at 14:33 -0400, Stephen Smalley wrote:
> On Wed, 2006-04-19 at 12:57 -0500, Emily Ratliff wrote:
> > Dave has an existing implementation with a user base of a formally
> > proven security model. He is addressing implementation concerns and
> > continuing to try to get SLIM accepted. Why should he be required to
> > extend SELinux?
>
> Well, I haven't seen any new code submitted since last Nov, and the code
> at that time was badly broken to the point that it seemed to require a
> re-design, and none of the modules at the time appeared to justify LSM
> or the stacker; if anything, they were a warning that the stacker and
> LSM lend themselves to misuse, confusion, and broken code.
>
> I'm sure we'd all be glad to see new patches. But the issues that were
> raised during the original discussion still need to be addressed.
BTW, this isn't the first time that he has been encouraged to consider
extending SELinux rather than going it alone with his own custom LSM,
and the benefits to him would be:
- leveraging an existing code base and infrastructure that is already
upstream and included in several distros (including both the kernel code
as well as integration with userspace, policy tools, policy management
infrastructure, etc),
- being able to leverage the existing TE security model to complement
and fill in the gaps left by the low water mark model, just as it is
already being used to complement MLS,
- ensuring that the result integrates well and works well with SELinux,
for those who may want both low water mark and TE.
--
Stephen Smalley
National Security Agency
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
