Casey Schaufler [EMAIL PROTECTED] wrote:
How would you expect an LSM that is not SELinux to interface with
CacheFiles?
You have to understand that I didn't know that much about the LSM interface,
so I asked advice of the Red Hat security people, who, naturally, pointed me
at the SELinux
--- David Howells [EMAIL PROTECTED] wrote:
Casey Schaufler [EMAIL PROTECTED] wrote:
How would you expect an LSM that is not SELinux to interface with
CacheFiles?
You have to understand that I didn't know that much about the LSM interface,
so I asked advice of the Red Hat security
+extern struct smk_list_entry *smack_list;
any reason to invent your own list rather than just using list.h?
+
+#include linux/kernel.h
+#include linux/vmalloc.h
+#include linux/security.h
+#include linux/mutex.h
+#include net/netlabel.h
+#include
On Aug 11, 2007, at 13:57:31, Casey Schaufler wrote:
Smack implements mandatory access control (MAC) using labels
attached to tasks and data containers, including files, SVIPC, and
other tasks. Smack is a kernel based scheme that requires an
absolute minimum of application support and a
On Aug 11 2007 10:57, Casey Schaufler wrote:
* - pronounced star
wall
_ - pronounced floor
floor
^ - pronounced hat
roof
? - pronounced huh
it's dark in here :)
+config SECURITY_SMACK
+ bool Simplified Mandatory Access Control Kernel Support
+ depends on NETLABEL
--- Kyle Moffett [EMAIL PROTECTED] wrote:
On Aug 11, 2007, at 13:57:31, Casey Schaufler wrote:
Smack implements mandatory access control (MAC) using labels
attached to tasks and data containers, including files, SVIPC, and
other tasks. Smack is a kernel based scheme that requires an
On Aug 11, 2007, at 17:01:09, Casey Schaufler wrote:
[SELinux...] which can do *all* of this, completely and without
exceptions,
That's quite a strong assertion.
It is, but I stand by it. If anyone can point out some portion of
this which *cannot* be implemented as SELinux policy I will
Casey Schaufler [EMAIL PROTECTED] writes:
Smack is the Simplified Mandatory Access Control Kernel.
I like the simplified part.
+static int smk_get_access(smack_t sub, smack_t obj)
+{
+ struct smk_list_entry *sp = smack_list;
+
+ for (; sp != NULL; sp = sp-smk_next)
+
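Review bot: in smk_get_access the loop starts from the global smack_list head, and no lock, RCU read-side section or comment on what protects the list is visible in these lines. If entries can be added while access checks run, document the locking rule next to the smack_list declaration or hold the lock around the walk. Moving to struct list_head and the list.h iterators would also make the traversal and its locking convention easier to audit.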
--- Jan Engelhardt [EMAIL PROTECTED] wrote:
On Aug 11 2007 10:57, Casey Schaufler wrote:
* - pronounced star
wall
_ - pronounced floor
floor
^ - pronounced hat
roof
? - pronounced huh
it's dark in here :)
It's almost worth considering the change for the joke.
--- Andi Kleen [EMAIL PROTECTED] wrote:
Casey Schaufler [EMAIL PROTECTED] writes:
Smack is the Simplified Mandatory Access Control Kernel.
I like the simplified part.
+static int smk_get_access(smack_t sub, smack_t obj)
+{
+ struct smk_list_entry *sp = smack_list;
+
+ for
Casey Schaufler (on Sat, 11 Aug 2007 10:57:31 -0700) wrote:
Smack is the Simplified Mandatory Access Control Kernel.
[snip]
Smack defines and uses these labels:
* - pronounced star
_ - pronounced floor
^ - pronounced hat
? - pronounced huh
The access rules enforced by Smack
11 matches