Crispin Cowan wrote:
> So, are there other reasons to put MAC first? Can someone who wants MAC first
> wheel them out, so that we can attempt to compare the Bitch mode issue against
> these reasons?

On a system with MAC and audit (e.g. B1) you want the audit record to include the fact that MAC access was denied over the fact that DAC access was denied, as a MAC violation is more likely to be a serious breach. I certainly see the value for MAC after DAC on your system. The best way to address this conflict would be to have DAC included in the security module. If that's not going to happen, someone is going to have an unhappy implementation using LSM.

> Or is "just 'cause POSIX mandates it" really a big deal to some
> people?

The only value that POSIX conformance brings (aside from the fact that for MAC it's pretty reasonable) is acceptance in a larger context. One of the reasons the capability scheme is in and ACLs are getting there is that they have the Power of Posix behind them.

--
Casey Schaufler
Manager, Trust Technology, SGI
caseyat_private          voice: 650.933.1634
casey_pat_private        Pager: 888.220.0607

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
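The audit argument in the message above, as an added illustration that is not part of the original thread and is not LSM code: a toy access check run in both orders (DAC then MAC, MAC then DAC) against a constructed subject and object, recording only the first denial the way a simple audit hook would. The structures, the `level` field, the check functions and `dac_first_masks_mac` are all hypothetical names chosen for this example; the DAC check is a deliberately simplified owner/other read bit, and the MAC check is a plain "no read up" comparison.

```c
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of the DAC-before-MAC versus MAC-before-DAC question.
 * The property of interest: when a request fails BOTH checks, the audit
 * record names whichever check ran first, so DAC-first hides the MAC breach.
 * None of these names or layouts come from LSM; they exist for this example.
 */

enum decision { ALLOW = 0, DENY_DAC = 1, DENY_MAC = 2 };

/* Hypothetical subject/object: level is a MAC sensitivity clearance/label. */
struct subject { unsigned uid; int level; };
struct object  { unsigned owner; unsigned mode; int level; };

#define MODE_OWNER_READ 0400u
#define MODE_OTHER_READ 0004u

struct audit_record {
    enum decision reason;
    char msg[96];
};

/* DAC: simplified POSIX-style read check (owner/other bits only, no groups). */
static int dac_read_ok(const struct subject *s, const struct object *o)
{
    if (s->uid == 0)
        return 1;                               /* root bypasses DAC */
    if (s->uid == o->owner)
        return (o->mode & MODE_OWNER_READ) != 0;
    return (o->mode & MODE_OTHER_READ) != 0;
}

/* MAC: "no read up"; the subject's clearance must dominate the object's level. */
static int mac_read_ok(const struct subject *s, const struct object *o)
{
    return s->level >= o->level;
}

static const char *label(enum decision d)
{
    return d == ALLOW ? "allow" : d == DENY_DAC ? "deny(DAC)" : "deny(MAC)";
}

/* Record the decision; a real audit path would emit this to the audit trail. */
static void audit(struct audit_record *rec, enum decision d,
                  const struct subject *s, const struct object *o)
{
    rec->reason = d;
    snprintf(rec->msg, sizeof rec->msg, "%s uid=%u level=%d obj_level=%d",
             label(d), s->uid, s->level, o->level);
}

/* Base-kernel DAC ahead of the module's MAC: a request that fails both
 * is audited as an ordinary DAC denial. */
static enum decision check_dac_first(const struct subject *s, const struct object *o,
                                     struct audit_record *rec)
{
    if (!dac_read_ok(s, o)) { audit(rec, DENY_DAC, s, o); return DENY_DAC; }
    if (!mac_read_ok(s, o)) { audit(rec, DENY_MAC, s, o); return DENY_MAC; }
    audit(rec, ALLOW, s, o);
    return ALLOW;
}

/* MAC ahead of DAC: the MAC violation is what lands in the audit record. */
static enum decision check_mac_first(const struct subject *s, const struct object *o,
                                     struct audit_record *rec)
{
    if (!mac_read_ok(s, o)) { audit(rec, DENY_MAC, s, o); return DENY_MAC; }
    if (!dac_read_ok(s, o)) { audit(rec, DENY_DAC, s, o); return DENY_DAC; }
    audit(rec, ALLOW, s, o);
    return ALLOW;
}

/* Returns 1 when DAC-first ordering hides a MAC violation that MAC-first reports. */
static int dac_first_masks_mac(const struct subject *s, const struct object *o)
{
    struct audit_record a, b;
    check_dac_first(s, o, &a);
    check_mac_first(s, o, &b);
    return a.reason == DENY_DAC && b.reason == DENY_MAC;
}

int main(void)
{
    /* Constructed sample: unprivileged, uncleared user reading someone else's
     * owner-only file that carries a higher MAC label. Fails both checks. */
    struct subject s = { 1000, 0 };
    struct object  o = { 500, 0600u, 3 };
    struct audit_record rec;

    check_dac_first(&s, &o, &rec);
    printf("DAC first: %s\n", rec.msg);
    check_mac_first(&s, &o, &rec);
    printf("MAC first: %s\n", rec.msg);
    printf("DAC-first masks the MAC violation: %s\n",
           dac_first_masks_mac(&s, &o) ? "yes" : "no");
    return 0;
}
```

With the sample subject, DAC-first logs `deny(DAC)` and MAC-first logs `deny(MAC)` for the same request; a subject who is cleared but still fails DAC gets `deny(DAC)` under both orders, which is the case where the ordering does not matter.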
This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 10:11:14 PDT