On Mon, 12 Nov 2001, Casey Schaufler wrote: > The crux of my point, and I'm sorry that we get bogged down in > examples, is one of architecture. If we say that restrictive hooks > are good enough because one can resort to C+R, then we also need > to say that C+R is good enough *in the general case*. Who said that? In prior discussions on this list, there have been specific examples where C+R is not enough to provide authoritative control, so no one is arguing that you can always resort to C+R if you want authoritative behavior. I merely challenged the idea that POSIX ACLs can't be easily implemented via C+R, and continue to think that they can. As far as general support for authoritative behavior goes, it needs to wait until a later phase of LSM, as has been argued at length on this thread and previously. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Nov 12 2001 - 12:42:35 PST