On Thu, Jun 10, 2010 at 3:24 PM, Shaz <[email protected]> wrote: >> Effective bits in access control are quite simple and similar to >> SMACK. Check the linux-security-module discussion for starters. >> The 'real' difference between smack and this is that we support >> multiple task labels and the fact that we don't allow the task to >> change it's own security context. > > Multiple task labels for multiple role assignment I guess ...?
In our case label does not really identify a task, it identifies a function task is allowed to perform on remote server. Each task can have any number of detailed rights assigned. > What about the verification of subjects like in EVM? This is still being discussed and I don't think anything has been concluded yet. I prefer IMA/EVM, but we do have similar bits in existence that might perform better on ARM, so it's still a bit open. > What about the secure boot part? What about adherence to existing standards? I guess everything run will be validated, but we're not that far meego wise yet. -- // Janne _______________________________________________ MeeGo-dev mailing list [email protected] http://lists.meego.com/listinfo/meego-dev
