--- James Morris <jmorris@private> wrote: > On Wed, 25 May 2005, Crispin Cowan wrote: > > > What constitutes "inappropriate" here? > > In my view, LSM should be used for significantly > enhancing access control > systems. > > See: > http://www.ussg.iu.edu/hypermail/linux/kernel/0503.1/0300.html >From that message: > One of the reasons I would put forward for this > is that it can be dangerous to allow the user to > arbitrarily compose security modules. Not to throw gasoline on the fire (Oh jiminies, why not) but this is exactly what SELinux claims as it's primary value, that the end user can script her very own security policy. Yes, it would be dangerous. That's why the LSM hooks are restrictive, not authoritative. Casey Schaufler casey@schaufler-ca.com __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
This archive was generated by hypermail 2.1.3 : Wed May 25 2005 - 18:01:44 PDT