On Mon, 6 Aug 2001, richard offer wrote: > The last time I checked (which was some time I ago, I admit), your > application changes still assumed that you were running SELinux (that's not > bad, currently my application audit changes assume that you have a kernel > with audit system calls implemented). But this will have to change. Well, actually, our application changes are set up to test whether SELinux is running, and if not, then to fall back to ordinary Unix behavior. > What I'm talking about is providing support for applications that is truely > policy independent, forking applications is just as bad as forking the > kernel. Ah, but the point of SELinux is that it is policy-independent. So the new system calls provided by SELinux aren't tied to any particular security policy model, but can support many different kinds of models. But I understand what you are saying - with LSM, we want an even more generic API. As I said, that would be interesting, but probably needs to wait a little. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Aug 07 2001 - 05:32:32 PDT