All of lore.kernel.org
 help / color / mirror / Atom feed
From: Casey Schaufler <casey@schaufler-ca.com>
To: Stephen Smalley <sds@tycho.nsa.gov>, casey@schaufler-ca.com
Cc: "Serge E. Hallyn" <serge@hallyn.com>,
	Kyle Moffett <mrmacman_g4@mac.com>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Bill Davidsen <davidsen@tmr.com>,
	James Morris <jmorris@namei.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel
Date: Tue, 9 Oct 2007 09:02:42 -0700 (PDT)	[thread overview]
Message-ID: <700885.76235.qm@web36601.mail.mud.yahoo.com> (raw)
In-Reply-To: <1191937926.24970.69.camel@moss-spartans.epoch.ncsc.mil>


--- Stephen Smalley <sds@tycho.nsa.gov> wrote:

> On Mon, 2007-10-08 at 10:31 -0700, Casey Schaufler wrote:
> > ...
> > I wouldn't expect the whole thing to be more than a couple week's
> > work for someone who really wanted to do it.
> 
> Note that Serge said "SELinux re-written on top of Smack", not "rewrite
> Smack to be more like SELinux".

Sorry, the subtlety of the difference seems insignificant to me.

> I don't believe the former is even
> possible, given that Smack is strictly less expressive and granular by
> design. Rewriting Smack to be more like SELinux should be possible,

As I outlined, it wouldn't be that hard to rewack SELinux from Smack.

> but seems like more work than emulating Smack on SELinux via policy,

Y'all keep saying that, but since noone has actually done that
SELinux policy, or anything like it, I maintain that it's not as
easy as you are inclined to claim. It is certainly not the "I'll
whip it up this weekend" sort of task that some have suggested.

> and to what end?

Well, there is that. I personally think that one implementation of
SELinux is plenty.

On the other hand, I think that if the concept of a single security
architecture has value the advocates of that position ought to be
looking at SELinux on/of Smack just as carefully as they look at
Smack on/of SELinux. If they are not, I suggest that the Single
Security Architecture argument is a sophistic device rather than
a legitimate issue of technology and should thus be ignored.


Casey Schaufler
casey@schaufler-ca.com

  reply	other threads:[~2007-10-09 16:02 UTC|newest]

Thread overview: 79+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-09-30  0:20 [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel Casey Schaufler
2007-09-30  8:16 ` Andrew Morton
2007-09-30  8:42   ` Andi Kleen
2007-09-30 17:14     ` Casey Schaufler
2007-09-30 17:34       ` Andi Kleen
2007-09-30 23:24         ` david
2007-09-30 17:29     ` Joshua Brindle
2007-09-30 17:39       ` Andi Kleen
2007-09-30 19:07         ` Theodore Tso
2007-09-30 20:05           ` Andi Kleen
2007-09-30 20:22             ` Theodore Tso
2007-10-01 20:28             ` Casey Schaufler
2007-09-30 20:18           ` Paul Moore
2007-09-30  9:53   ` Christoph Hellwig
2007-09-30 17:19     ` Casey Schaufler
2007-10-02  8:36     ` Thomas Bleher
2007-09-30 17:02   ` Casey Schaufler
2007-09-30 20:30   ` Paul Moore
2007-10-01 11:33   ` James Morris
2007-10-01 15:07     ` Linus Torvalds
2007-10-01 15:40       ` Stephen Smalley
2007-10-01 16:04         ` Linus Torvalds
2007-10-01 17:54           ` Olivier Galibert
2007-10-02 21:02           ` Bill Davidsen
2007-10-02 21:20             ` Linus Torvalds
2007-10-02 23:25               ` Linus Torvalds
2007-10-03  0:12                 ` Alan Cox
2007-10-04 22:56                   ` Derek Fawcus
2007-10-04 23:18                     ` Chuck Ebbert
2007-10-04 23:44                       ` Derek Fawcus
2007-10-03  5:32                 ` Crispin Cowan
2007-10-03  3:54               ` Bill Davidsen
2007-10-03  4:52                 ` Linus Torvalds
2007-10-05  1:44                   ` Eric W. Biederman
2007-10-05  3:04                     ` Kyle Moffett
2007-10-05  4:45                       ` Eric W. Biederman
2007-10-05  5:48                         ` Kyle Moffett
2007-10-05 16:27                           ` Casey Schaufler
2007-10-05 18:42                             ` Stephen Smalley
2007-10-05 20:08                               ` Casey Schaufler
2007-10-05 20:11                               ` Eric W. Biederman
2007-10-08 17:50                                 ` Casey Schaufler
2007-10-08 18:47                                   ` Eric W. Biederman
2007-10-08 18:53                                     ` Serge E. Hallyn
2007-10-08 21:05                                     ` Casey Schaufler
2007-10-08 16:18                             ` Serge E. Hallyn
2007-10-08 17:31                               ` Casey Schaufler
2007-10-09 13:52                                 ` Stephen Smalley
2007-10-09 16:02                                   ` Casey Schaufler [this message]
2007-10-08 23:24                               ` Bill Davidsen
2007-10-08 16:06                         ` Serge E. Hallyn
2007-10-08 17:20                           ` Eric W. Biederman
2007-10-08 18:00                             ` Serge E. Hallyn
2007-10-08 19:29                               ` Eric W. Biederman
2007-10-08 19:50                               ` Eric W. Biederman
2007-10-08 20:39                                 ` Casey Schaufler
2007-10-08 21:02                                   ` Eric W. Biederman
2007-10-08 21:20                                 ` Alan Cox
2007-10-10 13:48                                   ` Eric W. Biederman
2007-10-10 15:45                                     ` Stephen Smalley
2007-10-10 17:57                                       ` Casey Schaufler
2007-10-11 10:46                                         ` Kyle Moffett
2007-10-11 15:41                                           ` Casey Schaufler
2007-10-11 18:53                                             ` Kyle Moffett
2007-10-11 20:09                                               ` Alan Cox
2007-10-08 21:51                                 ` Crispin Cowan
2007-10-30  4:01                               ` Kazuki Omo(Company)
2007-10-30 15:07                                 ` Casey Schaufler
2007-10-08 20:25                             ` Casey Schaufler
2007-10-08 20:57                               ` Eric W. Biederman
2007-10-06 19:14                       ` Bill Davidsen
2007-10-03  0:10             ` Alan Cox
2007-10-03  0:18               ` Linus Torvalds
2007-10-01 16:39         ` Casey Schaufler
2007-10-01 19:00         ` Theodore Tso
2007-10-01 15:38     ` Casey Schaufler
2007-10-01 20:49   ` Jan Engelhardt
2007-10-01  3:47 ` Serge E. Hallyn
2007-10-01  4:15   ` Casey Schaufler

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=700885.76235.qm@web36601.mail.mud.yahoo.com \
    --to=casey@schaufler-ca.com \
    --cc=akpm@linux-foundation.org \
    --cc=davidsen@tmr.com \
    --cc=ebiederm@xmission.com \
    --cc=jmorris@namei.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mrmacman_g4@mac.com \
    --cc=sds@tycho.nsa.gov \
    --cc=serge@hallyn.com \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.