Re: [RFC][PATCH 1/3] EVM

From: Stephen Smalley (sds@private)
Date: Fri Nov 18 2005 - 10:42:30 PST

Previous message: Stephen Smalley: "Re: [RFC][PATCH 2/3] SLIM"
In reply to: Stephen Smalley: "Re: [RFC][PATCH 1/3] EVM"
Next in thread: Greg KH: "Re: [RFC][PATCH 1/3] EVM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Fri, 2005-11-18 at 07:57 -0500, Stephen Smalley wrote:
> On Thu, 2005-11-17 at 17:29 -0500, David Safford wrote:
> > After conversion of the configuration code to securityfs,
> > we allow only one initial configuration (which we do in 
> > the initrd, when there is only the one init process), and
> > then we remove the securityfs config file.
> 
> That seems fairly limiting - why not just provide locking?

BTW, the above approach is also likely to run into deployment problems.
SELinux also used an initrd-based policy load for a little while, and it
proved problematic.

-- 
Stephen Smalley
National Security Agency

Previous message: Stephen Smalley: "Re: [RFC][PATCH 2/3] SLIM"
In reply to: Stephen Smalley: "Re: [RFC][PATCH 1/3] EVM"
Next in thread: Greg KH: "Re: [RFC][PATCH 1/3] EVM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Fri Nov 18 2005 - 10:36:28 PST