public inbox for linux-kernel@vger.kernel.org
From: Chris Wright <chris@wirex.com>
To: LA Walsh <law@tlinx.org>
Cc: linux-kernel@vger.kernel.org, torvalds@transmeta.com,
	linux-security-module@wirex.com
Subject: Re: [BK PATCH] LSM changes for 2.5.59
Date: Mon, 10 Feb 2003 00:11:18 -0800
Message-ID: <20030210001118.A7252@figure1.int.wirex.com>
In-Reply-To: <048601c2d0d6$cda31130$1403a8c0@sc.tlinx.org>; from law@tlinx.org on Sun, Feb 09, 2003 at 11:34:10PM -0800

* LA Walsh (law@tlinx.org) wrote:
> 	Maybe I'm delusional, but you are contradicting yourself.  In

Re-read Linus' original spec with the following things in mind:
- we don't interpose at the system call level, rather the kernel object level
- we tag about 8 objects
- we have about 150 callbacks
- we don't move the capabilities bits from the task struct to the opaque id
- we allow active filtering
- we discourage generic policy composition
- we support models such as MLS, TE, DTE, RBAC, Capabilities, PBAC/TBAC
  (whatever you want to call it), etc.

The fact that we don't support CAPP or LSPP standard compliant systems
which require MAC checks before DAC checks for _auditing_ is outside the
scope of this access control system.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
