Casey Schaufler wrote:
--- Stephen Smalley <[EMAIL PROTECTED]> wrote:


To the contrary, the LSPP work significantly leverages the work already done to integrate SELinux and makes use of the SELinux interfaces for applications.  It also leverages SELinux TE to address aspects such as MLS overrides.  By doing it within the context of SELinux, it gained the benefit of a unified security model and interface. Which one doesn't get from LSM.

There are others who would argue that SELinux has abandoned the Linux privilege model and thus disrupted the unity of the existing security model.


No clue what this means.

I don't understand why the SELinux crew seems so intent on making it difficult to implement alternatives. Last year it was "let's ditch LSM". Now it's "Everyone hates stacking". Give it a rest already.


1) Stacking is possible now, just not arbitrary stacking by an admin.

2) Not having arbitrary stacking in no way limits alternatives. It just forces the use of a single alternative at a time or explicit development to make alternatives work together.

3) The objections, if you read them, are about whether the correctness of arbitrarily stacked modules can be reasonably expected or verified. It is not an effort to limit alternatives.

There are real disagreements here, but please stop overstating the differences and misconstruing (willfully?) people's positions.

Karl


