From: Christoph Hellwig <hch@infradead.org>
To: Stephen Smalley <sds@epoch.ncsc.mil>
Cc: Adrian Bunk <bunk@stusta.de>, James Morris <jmorris@redhat.com>,
lkml <linux-kernel@vger.kernel.org>,
selinux@tycho.nsa.gov
Subject: Re: [2.6 patch] selinux: possible cleanups
Date: Mon, 29 Nov 2004 16:27:01 +0000
Message-ID: <20041129162701.GA6553@infradead.org>
In-Reply-To: <1101744496.13948.141.camel@moss-spartans.epoch.ncsc.mil>

On Mon, Nov 29, 2004 at 11:08:16AM -0500, Stephen Smalley wrote:
> These functions are part of an overall interface between the AVC and the
> security server designed to support dynamic security policy
> requirements, based on prior studies including some formal analysis.
> While the example security server does not presently use anything other
> than avc_ss_reset, I'd be hesitant to completely remove the rest of the
> interface, as that will leave a far less functional interface for future
> security servers and may lead to further "optimization" of the AVC that
> will preclude support for dynamic policy requirements (or at least make
> it much harder to restore such support).

Feel free to add it whenever you need it. So far keeping the kernel
small and allowing for the optimizations you fear seems far more important
than some vapourware.

> > - ss/services.c: security_member_sid
>
> There are patches under development for SELinux that make use of this
> function, including exporting the interface to userspace via selinuxfs
> and using it in-kernel for polyinstantiation.

And the ETA for those in mainline is?