Stephen Smalley wrote: > On Wed, 18 Apr 2001, Crispin Cowan wrote: > > I've taken the position that we should include only hooks for modules > > that seriously intend to port to the LSM interface. I would love it if > > SELinux and RSBAC became LSM modules. So the above is entirely > > consistent with my view of this project's goals. > > > > However, I have been told that the SELinux people doubt the viability of > > a LKM interface for their package, and I've seen the RSBAC people claim > > in public that they don't believe that LSM is sufficient for their > > needs. So, I advocate LSM providing the hooks for SELinux and RSBAC if > > and only if they intend to port to it. > > This is a terribly irresponsible approach. As I've mentioned > before, we have two working example systems based on significant > prior research that already provide security in a very general > manner. To ignore them just because they have some concerns > about the direction of this effort is unwise if you really > want a good solution. But we're not ignoring them. As far as I can tell, both projects are represented here. Our intent is to support these projects, by adding the hooks that they need. > > My main problem with that is that SubDomain is 1/10th the size of > > SELinux. Parsimony is its main advantage over more general MAC systems, > > so forcing SubDomain to sit on top of another MAC system destroys its > > value. Yes, you can use an 18-wheel truck as a commuter vehicle, but > > it's not always the best solution. > > I'm not suggesting that you implement SubDomain via SELinux. I'm > suggesting that if we were to start with systems like SELinux > and RSBAC in developing our set of hooks, we would end up with > a set of hooks that could easily support SubDomain and other > projects. Ah, much better. Then we seem to be in substantial agreement. Our goal is the union set of hooks required for Capabilities, SELinux, RSBAC, SubDomain, CryptoMark, LIDS, plus anyone else who (seriously) wants to play. We started with Capabilities, because it is simple, we know the code, its simple, and will likely also support SubDomain, CryptoMark, and LIDS. Greg put out his kernel patch for comment; please comment on what is needed so that it can support SELinux and RSBAC. Or better yet, patch it: you're likely to do a better job of implementing support for your model than we are. Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Apr 19 2001 - 09:31:02 PDT