From: Casey Schaufler <casey@schaufler-ca.com>
To: jwcart2@tycho.nsa.gov
Cc: SELinux <selinux@tycho.nsa.gov>
Subject: Re: Policy infrastructure problems and improvement
Date: Thu, 09 Apr 2009 21:19:28 -0700 [thread overview]
Message-ID: <49DEC8D0.2060105@schaufler-ca.com> (raw)
In-Reply-To: <1239290883.22856.53.camel@moss-lions.epoch.ncsc.mil>
James Carter wrote:
> I am looking at improving the policy infrastructure. The ultimate goal
> is to make SELinux policy writing, policy customization, policy
> management, and administration easier and less confusing. My focus will
> be on the userspace parts of SELinux.
>
> My plan to do this is as follows:
> (1) Determine and enumerate the existing problems of the current
> infrastructure.
> (2) Determine the desired capabilities and architecture of the ideal
> infrastructure.
> (3) Determine the changes needed to the current architecture to fix the
> current problems and to provide the desired capabilities.
> (4) Make the policy infrastructure as close to the ideal as possible
> while providing some kind of backwards compatibility and taking other
> practicalities into consideration.
>
> I have had some informal discussions with others internally and at
> Tresys, and the five emails to follow have my summary of the problems
> that have been identified in those discussions.
>
> My hope is that there will be a good discussion and that others on the
> list will identify other problems and provide more details or examples
> to the problems already identified.
>
I will throw my traditional comment on the pile as I didn't see that
you had it on your list anywhere. The policy required to describe a
system is too large.
Thank you.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2009-04-10 4:19 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-04-09 15:28 Policy infrastructure problems and improvement James Carter
2009-04-10 4:19 ` Casey Schaufler [this message]
2009-04-10 12:34 ` James Carter
2009-04-10 14:51 ` Joe Nall
2009-04-10 16:33 ` James Carter
2009-04-10 17:44 ` Joe Nall
2009-04-13 7:28 ` Alexey S.
2009-04-13 11:31 ` Daniel J Walsh
2009-04-11 2:45 ` Casey Schaufler
2009-04-14 13:31 ` James Carter
2009-04-10 12:43 ` Alexey S
2009-04-10 12:45 ` Stephen Smalley
2009-04-10 14:28 ` Joe Nall
2009-04-13 7:10 ` Alexey S
2009-04-10 13:09 ` Xavier Toth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49DEC8D0.2060105@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=jwcart2@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.