Re: [RFC][PATCH 2/3] SLIM

From: Stephen Smalley (sds@private)
Date: Mon Nov 28 2005 - 07:14:33 PST


On Fri, 2005-11-18 at 16:02 -0500, James Morris wrote:
> I think that integrity verification, attestation and similar should be 
> implemented as services which can be called on and controlled by SELinux.

Yes, or even by another kernel subsystem or LSM if desired.  But this
requires a major overhaul of the current EVM implementation, this time
with an eye toward how something like SELinux would actually use it.

> I'd prefer to see the low-watermark model (if justified as a feature of 
> the upstream kernel) integrated as an option into SELinux rather than 
> implemented as a separate access control system.  It seems that Stephen is 
> not so keen on the idea, but we'd surely have control over whether the 
> model was enabled or not.
> 
> Incorporating the model into SELinux means making it part of a large 
> existing userbase and established community, meaning more testing, 
> analysis, maintenance etc., which tends to lead to a higher quality of 
> implementation.

Yes, this is certainly true.  I'm not convinced of the justification for
low water mark, but if it is justified, it does make more sense to
extend the Flask architecture and SELinux security server for it as an
optional policy component (like the MLS support) rather than introducing
a separate LSM altogether.

-- 
Stephen Smalley
National Security Agency
