On Fri, Oct 05, 2001 at 04:40:43PM -0700, Casey Schaufler wrote:
> We have successfully refuted the arguments that restrictive
> hooks coupled with whacked capabilities is sufficient. No
> one has proposed a resolution for the MAC/DAC ordering issue
> which does not involve authoritative hooks. You assert that
> restrictive hooks will be easier to sell than authoritative
> even though they are known to be insufficient for POSIX ACLs
> and NFSv4.

The MAC/DAC ordering seems to be resolved (i.e. WireX hasn't complained, and they were the only ones that seemed to mind in the first place.)

I don't remember that proof (about ACLs and NFSv4), but even if that is so, the kernel does not currently _have_ either POSIX ACL, or NFSv4, let alone versions of those subsystems that are going to use the LSM interface. Let's cross that bridge when we come to it.

thanks,

greg k-h

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Oct 05 2001 - 16:58:25 PDT