Re: [RFC] [PATCH] Replace security fields with hashtable

From: James Morris (jmorris@private)
Date: Wed Oct 27 2004 - 08:34:45 PDT


On Wed, 27 Oct 2004, Serge E. Hallyn wrote:

> LSM hooks can also be used for performance measurements, to aid an audit
> subsystem, etc.  And with LSM's like bsdjail and securelevel, stacking with
> SELinux is still useful even though all are purely security modules.

If people want to stack these modules with SELinux, then their essential
functionality should instead be incorporated into SELinux so they can be
managed via SELinux policy.

> > I don't think arbitary composition of security models is a service that 
> > the Linux kernel should provide.
> 
> Here we fundamentally disagree.  Something which can be unsafe for some if
> improperly used, but useful for others, should not therefore be disabled.
> Following that logic, we could argue that for many people SELinux is
> unsafe because it is far too complicated and hard to set up at the moment,
> and should therefore not be distributed with the kernel.

No, composing security is not something that just "can" be unsafe, 
research suggests that it will be.

SELinux is complex, but it is deployable and analyzable via a single
security policy.


- James
-- 
James Morris
<jmorris@private>



This archive was generated by hypermail 2.1.3 : Wed Oct 27 2004 - 08:35:38 PDT