On Wed, 2004-07-07 at 15:27, Hans Reiser wrote:before I answer, "this proposal" refers to my proposal or Andrea's? Kind of necessary information to my formulating an answer.;-)
Am I right to think that this could complement nicely our plans described at www.namesys.com/blackbox_security.html
Hi Hans,
Out of curiosity, what do you think that this proposal
will achieve that
cannot already be done via SELinux policy? SELinux policy can already
express access rules based not only on the executable and user, but even
the entire call chain that led to a given executable.