On Sat, 4 Aug 2001, Crispin Cowan wrote: > Not yet, but they will be. In the near term, the non-requirement for extended > attributes gives models like SELinux and SubDomain an advantage over more classical > security models like MLS, which require Security Labels[tm] on files. Just to clarify about SELinux, SELinux does assign security labels (but we call them security contexts, to avoid the common association with MLS) to files. In the original SELinux prototype, we used a spare field in the ext2 on-disk inode to store an integer persistent security identifier (PSID) and we stored a mapping between PSIDs and security contexts in each file system. In the LSM-based SELinux prototype, we maintain an additional mapping from inode numbers to PSIDs in each file system rather than using the spare field. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 06:54:30 PDT