Stephen Smalley wrote:

> > To preserve the assurance argument for LSM, I would very much like it if
> > LSM provided purely restrictive hooks. Stephen Smalley pointed out that
> > I overstated myself: Capabilities is not purely permissive, it is a mix.
> > However, I conjecture that Capabilities is the ONLY permissive module on the
> > table.
> >
> > Can anyone dispute this claim? Got an example of some other module that wants
> > to be permissive?
>
> Although SELinux is currently only "restrictive", we would like to
> provide functionality similar to the capabilities mechanism using
> Type Enforcement, as we did in the DTOS prototype. That requires the
> ability to be "permissive" as well. Partitioning superuser privileges
> and assigning them to specific authorized users and programs is
> useful functionality, and is already present in many Unix
> variants.

That being the case, I withdraw the "kick Capabilities out of LSM" proposal. Its major advantage was to achieve a restrictive-only LSM interface, which would seem to be impossible if we want to support the above.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com//Products/Immunix/purchase.html
This archive was generated by hypermail 2b30 : Fri Jun 01 2001 - 13:13:25 PDT