On Tue, 02 Oct 2007 17:02:13 -0400
Bill Davidsen <[email protected]> wrote:
> Linus Torvalds wrote:
> >
> > On Mon, 1 Oct 2007, Stephen Smalley wrote:
> >> You argued against pluggable schedulers, right? Why is security
> >> different?
> >
> > Schedulers can be objectively tested. There's this thing called
> > "performance", that can generally be quantified on a load basis.
> >
> > Yes, you can have crazy ideas in both schedulers and security. Yes, you
> > can simplify both for a particular load. Yes, you can make mistakes in
> > both. But the *discussion* on security seems to never get down to real
> > numbers.
> >
> And yet you can make the exact same case for schedulers as security, you
> can quantify the behavior, but if your only choice is A it doesn't help
> to know that B is better.
To be fair the discussion on security does get down to real set theory
but at that point most people's eyes (mine included) glaze over somewhat.
You can reasonably quantify the behaviour and correctness of a security
model based upon mathematical principles - if anything its *easier* that
schedulers which are so much based on "feeling right".
Smack seems a perfectly good simple LSM module, its clean, its based upon
credible security models and sound theory (unlike AppArmor). I don't see
why it shouldn't go in.
Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]