Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks

From: Crispin Cowan
Date: Tue Apr 18 2006 - 15:32:08 EST

Next message: Rudolf Marek: "Re: [RFC] Watchdog device class"
Previous message: Jean Delvare: "Re: [PATCH] i2c-i801: Fix resume when PEC is used"
In reply to: Karl MacMillan: "Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks"
Next in thread: Arjan van de Ven: "Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Karl MacMillan wrote:
> Which is one reason why SELinux has types (equivalence classes) - it
> makes it possible to group large numbers of applications or resources
> into the same security category. The targeted policy that ships with
> RHEL / Fedora shows how this works in practice.
>
AppArmor (then called "SubDomain") showed how this worked in practice
years before the Targeted Policy came along. The Targeted Policy
implements an approximation to the AppArmor security model, but does it
with domains and types instead of path names, imposing a substantial
cost in ease-of-use on the user.

Crispin
--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering, Novell http://novell.com

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Rudolf Marek: "Re: [RFC] Watchdog device class"
Previous message: Jean Delvare: "Re: [PATCH] i2c-i801: Fix resume when PEC is used"
In reply to: Karl MacMillan: "Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks"
Next in thread: Arjan van de Ven: "Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]