On ven, 2013-11-15 at 21:56 +0000, Schaufler, Casey wrote: > We're in the process of merging the changes for the 3 Smack domain policy.
That is great to go to only 3 smack's domain! We are looking to something a little more sophisticated [1]. Our reasons to have more domains are: - we would like to isolate a core system comprising kernel and packaging items: all the minimal things that MUST be preserved for a minimal restart/reinstall. - we would like to enforce security and privacy of applications (natives and WRT) as defined on tizen.org [2] by using SMACK. We want to do it coarse-grained to minimize the complexity. (snip) > The changes required for the Linux kernel have been accepted. The systemd and > related changes are poised. The User domain setup will go in once the systemd > changes are in. We're waiting on a toolchain change that will allow images to > be built with the correct labeling. I'm curious. What are the poised changes? It seems to touch the kernel, systemd and the toolchain. I would really appreciate to have some details and/or pointers to this nearly incoming changes. Cheers José Bollo [1] https://wiki.tizen.org/wiki/Security/A_computer-aided_SMACK [2] https://developer.tizen.org/dev-guide/2.2.1/org.tizen.web.appprogramming/html/basics_tizen_programming/web_security_privacy.htm > > Once that is in place we will start polishing access rules and looking into > peer domains. > > _______________________________________________ > Dev mailing list > [email protected] > https://lists.tizen.org/listinfo/dev _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
