On Mon, 23 Jul 2001, Seth Arnold wrote:

> On Sun, Jul 22, 2001 at 03:28:57PM -0400, jmjonesat_private wrote:
> [Crispin's SubDomain description.]
>
> > This would seem to me to be an excellent description of a "permissive"
> > policy.
>
> Absolutely not. SubDomain *never* grants access to a file that the DAC
> checks deny.
>
> :)

Yes, I understand this now. However, since it requires the confined
process to be executed as root and then confined (I think) it circumvents
many of those restrictions in favor of its own model. This is very
useful, but I have some issues with it.

Because this discussion is somewhat off-topic and based on
theoreticals/philosophy, rather than being strictly forward moving via
the code, I've moved it to lsm-discussionat_private to hash it out before
returning it here with (hopefully) more on-topic results.

Anyone interested is welcome to subscribe there by sending an email to:

majordomoat_private

with

subscribe lsm-discussion
end

in the body.

Thanks,
J. Melvin Jones

|>------------------------------------------------------
||  J. MELVIN JONES            jmjonesat_private
|>------------------------------------------------------
||  Microcomputer Systems Consultant
||  Software Developer
||  Web Site Design, Hosting, and Administration
||  Network and Systems Administration
|>------------------------------------------------------
||  http://www.jmjones.com/
|>------------------------------------------------------

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 10:37:30 PDT