sds> Hmmm...well, now I'm confused. I thought that you (and others) were
sds> arguing that low water mark offers a higher degree of compatibility with
sds> traditional Unix than SELinux/TE, but here you seem to disavow such a
sds> claim, and don't respond to my specific examples of how the automatic
sds> demotion of low water mark is just as problematic for compatibility as a
sds> fixed label model.

No, I'm not here to make that argument today. I'm just here to suggest that, if you want to demonstrate the generality of FLASK or LSM, then SLIM deserves consideration because it implements one of the few approaches not already covered by SELinux.

Presumably Low Water-Mark is an approach you considered and rejected when you began work on SELinux. I respect your decision, even though I happen to think that Low Water-Mark has its uses. I don't want to try to change your mind. I would, however, like to point out that it is likely that *any* security module that is significantly different from SELinux is apt to be based on an approach that you once considered and rejected.

If the LSM interface is to have an additional interesting example module that is not simply a reimplementation of something SELinux already does quite well, then it seems likely to me that the example will have to be drawn from the pile of approaches you personally would have rejected. Some implementation of Low Water-Mark seems to deserve consideration --- even though you are not fond of it, both Dr. Safford and I have found it useful in our work at different times and places.

- Tim Fraser
This archive was generated by hypermail 2.1.3 : Wed Nov 30 2005 - 09:17:58 PST