On Wed, 2005-05-25 at 10:55, James Morris wrote: > On Wed, 25 May 2005, Stephen Smalley wrote: > > > - using SELinux as the shared framework and directly integrating them > > into it so that they can leverage its policy abstractions as well and > > serve to reinforce the access controls rather than being redundant. > > Given that nobody has come up with an upstream alternative to SELinux > since the merging of LSM, this should certainly be considered. > > In fact, there has recently been some discussion about removing LSM > completely and just using SELinux directly. To remove LSM completely would be tragic. LSM, while not perfect, provides a very nice means to develop an access control implementation without creating a custom kernel. After all, isn't _choice_ what Linux is all about? The architecture should allow alternative implementations. - Bob Bennett Computer Associates > > > - James
This archive was generated by hypermail 2.1.3 : Wed May 25 2005 - 12:20:02 PDT