Re: Making forward progress

From: Stephen Smalley (sdsat_private)
Date: Fri Aug 03 2001 - 09:38:25 PDT

    On Fri, 3 Aug 2001 jmjonesat_private wrote:
    > This, we clearly don't have.  We have preserved the in-kernel (DAC)
    > policies methodically and pre-emptively, to the serious inhibition of 
    > "whatever".  Also, the kernel doesn't "just call the security procedure", 
    > it goes through all the security checks it ever did, then ADDITIONALLY 
    > calls the security procedure... turning it into a pure-cost issue
    > performance-wise.
    > This would seem to imply that moving DAC to a module would be entertained
    > by Linus and might even more closely fit his requirements.

    I think you're taking Linus' statements out of context.  By "policy",
    I think he was referring back to his statement about "uid==0" vs.
    capabilities vs. TE vs. MLS...  Again, this is not about the existing
    kernel DAC logic.

    Stephen D. Smalley, NAI Labs
    linux-security-module mailing list
