--- James Morris <jmorris@private> wrote: > Date: Mon, 17 Oct 2005 17:02:01 -0400 (EDT) > From: James Morris <jmorris@private> > To: David Safford <safford@private> > Subject: Re: [RFC][PATCH] EVM and SLIM LSM modules > CC: linux-security-module@private > > On Mon, 17 Oct 2005, David Safford wrote: > > > SLIM provides a simple integrity mandatory access > control, similar > > to LOMAC, but using EVM information to aid > decisions, and to ensure > > the integrity of guard processes. > > Can you explain why the Linux kernel needs SLIM when > SELinux already > provides MAC and integrity control? (Someone challenged me a while back when I said that people reacted thus when LSM modules are suggested) Read the description. This is a *simple* policy, not the general/generic scheme that is SELinux. Perhaps you could implement a similar scheme using SELinux, but it would certainly "weigh" a lot more. ------------------------ Casey Schaufler casey@schaufler-ca.com 650.906.1780
This archive was generated by hypermail 2.1.3 : Mon Oct 17 2005 - 14:39:55 PDT