On Fri, 3 Aug 2001 jmjonesat_private wrote:

> This, we clearly don't have. We have preserved the in-kernel (DAC)
> policies methodically and pre-emptively, to the serious inhibition of
> "whatever". Also, the kernel doesn't "just call the security procedure",
> it goes through all the security checks it ever did, then ADDITIONALLY
> calls the security procedure... turning it into a pure-cost issue
> performance-wise.
>
> This would seem to imply that moving DAC to a module would be entertained
> by Linus and might even more closely fit his requirements.

I think you're taking Linus' statements out of context. By "policy",
I think he was referring back to his statement about "uid==0" vs.
capabilities vs. TE vs. MLS... Again, this is not about the existing
kernel DAC logic.

--
Stephen D. Smalley, NAI Labs
ssmalleyat_private

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 09:39:29 PDT