Hi!
> > I will write you a Perl script which will generate a complete
> > and functionally equivalent SELinux policy (assuming I have enough
> > free time) given a file with your policy language. But I can do this
> > if and only if you tell me which of the SELinux access vectors you
> > care about (In other words, which of the LSM hooks you want to
> > require "read", "write", or "execute" privileges for). With such a
> > little script you could write all the "simplified" policy you want,
> > without having to change the kernel code at all.
>
> It's all spelled out in the module. Go wild.
Kyle claims he can emulate SMACK with SELinux + perl script, but I
don't think it is fair to force him to write that perl. You want the
code merged, so it should be up to you to do the work... or
acknowledge that selinux ineed is smack supperset and argue that SMACK
is better, anyway, because of its simplicity / speed / something.
Or maybe that perl script is impossible to write for some reason? Tell
us if so...
Pavel
(who is no security expert)
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]