* Joshua Brindle (jbrindle@private) wrote: > Shouldn't there just be a file for each hook instead of this awkward syntax? > echo "(selinux and capabilities) or backdoor" > > /sys/security/stacker/inode_permission > > echo "selinux and capabilities" > /sys/security/stacker/default > What do you do if you leave out a module on a hook? Not consider it's result? AFAICT, this way lies madness... > SELinux is flexible enough that starting a new MAC implementation from > scracth should be really a last resort. Writing your own MAC implementation should be the first thing you consider when your desire is to write a MAC implementation. "Ext3 is a flexible filesystem, don't write a new one..." SELinux should be your last consideration when your goal is to innovate. Scratch your own itch and all that... thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
This archive was generated by hypermail 2.1.3 : Thu Sep 09 2004 - 09:40:35 PDT