On Wed, 2005-05-25 at 22:29 -0700, Chris Wright wrote:
> Ahh, the irony ;-) Sounds like reiser4, in fact didn't they recommend
> being the VFS (/me runs).

One difference is that the VFS and numerous filesystem implementations predated reiser4. In contrast, SELinux predated LSM, helped to drive LSM's development, and is the only significant user of the hooks in the kernel.

> Hey, you keep forgetting about capabilities...

Likely because it isn't a compelling example. Capability bits are still in the core kernel data structures, core kernel still directly tests capability bits via cap_raised, capability/setuid evolution logic had to be re-integrated to avoid races, capabilities was never an independent access control model to start with, and it only needs a few hooks. And despite the "modularization" of it, there has been no real experimentation with alternatives/variants to the existing capability logic.

--
Stephen Smalley
National Security Agency