Philippe Biondi wrote: >What about considering as a 1st approximation to replace every call to >permission() [...] and every call to capable() [...] >The next step would be to >* transform this function is something like a hub, with a register()... >* add a place for more fine grained security policy data in the task struct >* add a hook for inheritage rules of security policy data. >* reimplement the same security model using the new place in task struct > (instead of ->uid,..), the hook of inheritage, and the hub function That's a great start, and I do like it! But: Janus uses a much more expressive policy than can be supported with just these two changes, and I'd need more contextual information (about parameters, etc.) implement something like Janus. I suspect other projects will have a similar experience. So, this seems like one possible useful starting point, but I'd argue it is not sufficient for some of the most sophisticated policies we might be interested in. Personally, I'd issue a plea to avoid discussing the merits of MAC vs. DAC. The role of the LSM is to support both, if I understood correctly. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Apr 20 2001 - 18:30:48 PDT