From: Rafał Krypa [mailto:[email protected]] Sent: Thursday, February 27, 2014 8:12 AM To: [email protected] Cc: Schaufler, Casey Subject: Re: [Dev] Update of security framework repositories
On 2014-02-24 19:06, Schaufler, Casey wrote: Systemd takes care of loading the Smack rules. The three domain model eliminates the need for "fast" rule loading. We will have to deal with that sooner or later. Systemd has completely independent rule loading implementation that duplicates existing functionality and doesn't follow features and enhancements that are put into libsmack. Also if we consider policy loading apart from Tizen 3 and 3-domain policy, IMHO there are valid use cases of things like large policy There we disagree. Large policy is inherently difficult to analyze, and being small enough to analyze is a basic characteristic of a secure system. However, I will grant that some people want to do it anyway. That’s why the loading performance changes got into the kernel. and modify rules in files (four fields format). The atomic modification has merit without bring performance into the equation. Even if we agree that systemd support for loading the Smack rules is all that Tizen 3 needs, it would still be best if systemd could rely on libsmack to do that. Yes, systemd should be using libsmack. That is work to be done.
_______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
