Re: Making forward progress

From: richard offer (offerat_private)
Date: Mon Aug 06 2001 - 14:45:23 PDT

  • Next message: richard offer: "Re: Problems with some of the current hooks"

    * frm crispinat_private "08/06/01 10:47:09 -0700" | sed '1,$s/^/* /'
    * Not yet.  I'm still waiting to hear whether the promised advantages are
    * real or not.  In particular, I want to know whether Smalley's style of
    * authoritative hooks (DAC-in, DAC-first, send DAC result to module as a
    * parameter, and let the module make the final decision) actually improves
    * SGI's situation.  Richard?
    Yes, it does improve it. Its not perfect, there are fundimental problems
    with it (which we've all gone over before), but we (SGI) can live with it.
    If the hooks are going to be truely authoritative, then they need to be
    able to make the same decision as the in-kernel logic, this might mean
    passing additional parameters in some cases.
    * Crispin
    Richard Offer                     Technical Lead, Trust Technology, SGI
    "Specialization is for insects"
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 14:46:30 PDT