* frm crispinat_private "08/06/01 10:47:09 -0700" | sed '1,$s/^/* /' * * * Not yet. I'm still waiting to hear whether the promised advantages are * real or not. In particular, I want to know whether Smalley's style of * authoritative hooks (DAC-in, DAC-first, send DAC result to module as a * parameter, and let the module make the final decision) actually improves * SGI's situation. Richard? Yes, it does improve it. Its not perfect, there are fundimental problems with it (which we've all gone over before), but we (SGI) can live with it. If the hooks are going to be truely authoritative, then they need to be able to make the same decision as the in-kernel logic, this might mean passing additional parameters in some cases. * * Crispin richard. ----------------------------------------------------------------------- Richard Offer Technical Lead, Trust Technology, SGI "Specialization is for insects" _______________________________________________________________________ _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 14:46:30 PDT