* LA Walsh (lawat_private) wrote:
> Maybe I'm delusional, but you are contradicting yourself. In

Re-read Linus' original spec with the following things in mind:

- we don't interpose at the system call level, rather the kernel object level
- we tag about 8 objects
- we have about 150 callbacks
- we don't move the capabilities bits from the task struct to the opaque id
- we allow active filtering
- we discourage generic policy composition
- we support models such as MLS, TE, DTE, RBAC, Capabilities, PBAC/TBAC
  (whatever you want to call it), etc.

The fact that we don't support CAPP or LSPP standard compliant systems
which require MAC checks before DAC checks for _auditing_ is outside the
scope of this access control system.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net