From mboxrd@z Thu Jan  1 00:00:00 1970
From: Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: AppArmor FAQ
Date: Wed, 18 Apr 2007 06:31:37 -0700 (PDT)
Message-ID: <262350.24656.qm@web36604.mail.mud.yahoo.com>
References: <46260BE1.4060509@tresys.com>
Reply-To: casey@schaufler-ca.com
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Cc: linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-fsdevel@vger.kernel.org
To: Joshua Brindle <jbrindle@tresys.com>, capibara@xs4all.nl
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from web36604.mail.mud.yahoo.com ([209.191.85.21]:38876 "HELO
	web36604.mail.mud.yahoo.com" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with SMTP id S2992458AbXDRNbi (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Wed, 18 Apr 2007 09:31:38 -0400
In-Reply-To: <46260BE1.4060509@tresys.com>
Sender: linux-fsdevel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org


--- Joshua Brindle <jbrindle@tresys.com> wrote:


> Biba and BLP are only incompatible if they are using the same label, if 
> each object has a confidentiality and integrity label they work fine 
> together

Joshua is correct here, although the original Biba observation was
that flipping BLP upside down results in an integrity model. Trusted
Irix uses (used?) both Biba and BLP.

> (as well as MLS systems work in general that is).

Doh! He had to get the dig in.



Casey Schaufler
casey@schaufler-ca.com