From: Paul Moore <paul.moore@hp.com>
To: casey@schaufler-ca.com
Cc: torvalds@osdl.org, linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, akpm@osdl.org
Subject: Re: [PATCH] Version 4 (2.6.23-rc8-mm2) Smack: Simplified Mandatory Access Control Kernel
Date: Wed, 3 Oct 2007 08:19:14 -0400 [thread overview]
Message-ID: <200710030819.14934.paul.moore@hp.com> (raw)
In-Reply-To: <47031E76.6020801@schaufler-ca.com>
On Wednesday 03 October 2007 12:45:42 am Casey Schaufler wrote:
> From: Casey Schaufler <casey@schaufler-ca.com>
>
> Smack is the Simplified Mandatory Access Control Kernel.
>
> Smack implements mandatory access control (MAC) using labels
> attached to tasks and data containers, including files, SVIPC,
> and other tasks. Smack is a kernel based scheme that requires
> an absolute minimum of application support and a very small
> amount of configuration data.
>
> {snip}
>
> This patch includes changes made by Paul Moore <paul.moore@hp.com>
> in support of a more comfortable interface to initialize the
> CIPSO code from within the kernel. The changes in the net directory
> are Pauls, as is the update to netlabel.h
My sign-off got lost when Casey smooshed the patch I sent him into the SMACK
mega-patch so I'll throw it back in the thread for accounting purposes.
Signed-off-by: Paul Moore <paul.moore@hp.com>
As for SMACK's use of NetLabel - it looks fine to me, especially now that
there is better preservation of the NetLabel/LSM boundary. As has been
discussed on the various lists during earlier revisions of the patch I
believe there are still some optimizations that can be made regarding how
SMACK uses NetLabel but that is something we can always work on at a later
date.
Acked-by: Paul Moore <paul.moore@hp.com>
--
paul moore
linux security @ hp
prev parent reply other threads:[~2007-10-03 12:19 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-10-03 4:45 [PATCH] Version 4 (2.6.23-rc8-mm2) Smack: Simplified Mandatory Access Control Kernel Casey Schaufler
2007-10-03 5:12 ` Al Viro
2007-10-03 17:21 ` Casey Schaufler
2007-10-03 17:52 ` Al Viro
2007-10-03 18:17 ` Alan Cox
2007-10-03 18:17 ` Al Viro
2007-10-03 20:21 ` Casey Schaufler
2007-10-03 20:40 ` Alan Cox
2007-10-03 21:06 ` Casey Schaufler
2007-10-03 19:51 ` Casey Schaufler
2007-10-03 20:57 ` Al Viro
2007-10-03 22:23 ` Casey Schaufler
2007-10-03 22:50 ` Al Viro
2007-10-04 0:42 ` Casey Schaufler
2007-10-03 12:19 ` Paul Moore [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200710030819.14934.paul.moore@hp.com \
--to=paul.moore@hp.com \
--cc=akpm@osdl.org \
--cc=casey@schaufler-ca.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.