> To preserve the assurance argument for LSM, I would very much like it if > LSM provided purely restrictive hooks. Stephen Smalley pointed out that > I overstated myself: Capabilities is not purely permissive, it is a mix. > However, I conjecture that Capabilities is the ONLY permissive module on the > table. > > Can anyone dispute this claim? Got an example of some other module that wants > to be permissive? Although SELinux is currently only "restrictive", we would like to provide functionality similar to the capabilities mechanism using Type Enforcement, as we did in the DTOS prototype. That requires the ability to be "permissive" as well. Partitioning superuser privileges and assigning them to specific authorized users and programs is useful functionality, and is already present in many Unix variants. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Jun 01 2001 - 12:24:27 PDT