On Fri, 15 Jun 2007, Casey Schaufler wrote:
>
> --- James Morris <[email protected]> wrote:
>
> > On my system, it takes about 1.2 seconds to label a fully checked out
> > kernel source tree with ~23,000 files in this manner
>
> That's an eternity for that many files to be improperly labeled.
> If, and the "if" didn't originate with me, your policy is
> demonstrably correct (how do you do that?) for all domains
> you could claim that the action is safe, if not ideal.
> I can't say if an evaluation team would buy the "safe"
> argument. They've been known to balk before.
To clarify:
We are discussing a scheme where the underlying SELinux labeling policy
always ensures a safe label on a file, and then relabeling newly created
files according to their pathnames.
There is no expectation that this scheme would be submitted for
certification. Its purpose is to merely to provide pathname-based
labeling outside of the kernel.
- James
--
James Morris
<[email protected]>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
