Quoting Casey Schaufler ([EMAIL PROTECTED]):
> 
> --- Karl MacMillan <[EMAIL PROTECTED]> wrote:
> 
> > > There are others who would argue that SELinux
> > > has abandoned the Linux privilege model and
> > > thus disrupted the unity of the existing
> > > security model.
> > > 
> > 
> > No clue what this means.
> 
> Pre-SE Linux has a rational and well
> established security model that includes
> DAC and Privilege. The capability scheme
> is designed to fit that model, adding the
> logical extension from the POSIX statements
> of "appropriate privilege" to defining what
> those privileges would be.
> 
> SELinux does not use capabilities to identify
> where "policy" is excepted, rather it defines
> policy in such a way as to make the notion of
> exception unnecessary. Many people think this
> is good. I personally like the traditional
> scheme, and would be happier with SELinux if
> it held to it.
> 
> > > I don't understand why the SELinux crew seems
> > > so intent on making it difficult to implement
> > > alternatives. Last year it was "let's ditch LSM".
> > > Now it's "Everyone hates stacking". Give it a
> > > rest already.
> > > 
> > 
> > 1) Stacking is possible now, just not arbitrary
> > stacking by an admin.
> 
> True enough, although I have to say that it
> isn't a pleasant exercise.
> 
> > 2) Not having arbitrary stacking in no way limits
> > alternatives. It just
> > forces the use of a single alternative at a time or
> > explicit development
> > to make alternatives work together.
> 
> Funny thing is that I would agree with you 100%
> if LSM implemented authoritative hooks. Since
> LSM implements a scheme that is supposed to
> provide strictly for additional restrictions
> it should be simple to stack modules safely.

An example where that is not the case is if LSM 2 needs to label a file as 'toptopsecret noone may touch this', but LSM 1 has claimed that the user may not write an xattr. So now the user's info can be leaked.

-serge
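The stacking failure described in the reply above, as an added user-space model that is not part of the original thread and is not kernel code. All function names are hypothetical; it assumes LSM 2 stores its label in an xattr whose write is mediated by the whole stack, and that LSM 2 treats an unlabelled file as ordinary data.

```c
/* Toy user-space model of restrictive-only LSM stacking. Not kernel code:
 * every name below is hypothetical and the inputs are constructed. */
#include <stdio.h>
#include <string.h>

struct file { char label[32]; };

/* LSM 1: only uid 0 may write extended attributes. 0 = allow, -1 = deny. */
static int lsm1_setxattr(int uid) { return uid == 0 ? 0 : -1; }

/* LSM 2: label based. It never objects to an xattr write, and it denies
 * every read of a file labelled "toptopsecret". Assumption: a file with
 * no label is treated as ordinary data. */
static int lsm2_setxattr(int uid) { (void)uid; return 0; }
static int lsm2_read(const struct file *f)
{
    return strcmp(f->label, "toptopsecret") == 0 ? -1 : 0;
}

/* Restrictive stacking: an operation succeeds only if every module allows. */
static int stacked_setxattr(int uid, int with_lsm1)
{
    if (with_lsm1 && lsm1_setxattr(uid) != 0)
        return -1;
    return lsm2_setxattr(uid);
}

/* The user creates a file that LSM 2 must label. Assumption: the label is
 * stored as an xattr and that write goes through the whole stack. */
static void create_secret(struct file *f, int uid, int with_lsm1)
{
    f->label[0] = '\0';
    if (stacked_setxattr(uid, with_lsm1) == 0)
        strcpy(f->label, "toptopsecret");   /* otherwise no label is stored */
}

/* Returns 1 if another user can read the file created by uid 1000. LSM 1
 * has no read hook in this model, so only LSM 2 decides. */
int leak_possible(int with_lsm1)
{
    struct file f;
    create_secret(&f, 1000, with_lsm1);
    return lsm2_read(&f) == 0;
}

int main(void)
{
    printf("LSM 2 alone: leak=%d, LSM 1 + LSM 2: leak=%d\n",
           leak_possible(0), leak_possible(1));
    return 0;
}
```

Each module only ever adds a denial, yet the stacked result is weaker than LSM 2 alone because LSM 2's enforcement depends on an operation that LSM 1 refuses.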
