From: Crispin Cowan <crispin@novell.com>
To: Nicholas Miell <nmiell@comcast.net>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
"Serge E. Hallyn" <serue@us.ibm.com>,
lkml <linux-kernel@vger.kernel.org>,
linux-security-module@vger.kernel.org, chrisw@sous-sol.org
Subject: Re: [RFC] [PATCH] file posix capabilities
Date: Fri, 18 Aug 2006 19:02:36 -0700 [thread overview]
Message-ID: <44E6713C.8060005@novell.com> (raw)
In-Reply-To: <1155615736.2468.12.camel@entropy>
Nicholas Miell wrote:
> OTOH, everybody seems to have moved from capability-based security
> models on to TE/RBAC-based security models, so maybe this isn't worth
> the effort?
>
TE, RBAC, AppArmor, and POSIX.1e Capabilities are all capability-based
systems, in that they all store the security attributes in the principal
(process, program, whatever) rather than the object (the files being
accessed). The difference is in the style of specifying the principals
and objects.
Crispin
--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering, Novell http://novell.com
Hack: adroit engineering solution to an unanticipated problem
Hacker: one who is adroit at pounding round pegs into square holes
next prev parent reply other threads:[~2006-08-19 2:02 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-07-30 1:13 [RFC] [PATCH] file posix capabilities Serge E. Hallyn
2006-08-14 22:06 ` Serge E. Hallyn
2006-08-15 0:20 ` Eric W. Biederman
2006-08-15 2:06 ` Serge E. Hallyn
2006-08-15 3:29 ` Eric W. Biederman
2006-08-15 4:22 ` Nicholas Miell
2006-08-15 11:49 ` Serge E. Hallyn
2006-08-15 12:20 ` Serge E. Hallyn
2006-08-15 19:31 ` Nicholas Miell
2006-08-15 19:41 ` Serge E. Hallyn
2006-08-15 16:18 ` Stephen Smalley
2006-08-15 16:36 ` Casey Schaufler
2006-08-16 2:42 ` Serge E. Hallyn
2006-08-16 13:20 ` Stephen Smalley
2006-08-17 12:00 ` Joshua Brindle
2006-08-17 12:28 ` Stephen Smalley
2006-08-21 20:36 ` Serge E. Hallyn
2006-08-28 21:39 ` Serge E. Hallyn
2006-08-29 18:37 ` Seth Arnold
2006-08-29 19:58 ` Serge E. Hallyn
2006-08-19 2:02 ` Crispin Cowan
2006-08-19 17:08 ` Casey Schaufler
2006-08-22 2:50 ` Serge E. Hallyn
2006-08-22 3:19 ` Seth Arnold
2006-08-19 2:02 ` Crispin Cowan [this message]
[not found] ` <44E1153D.9000102@ak.jp.nec.com>
[not found] ` <20060815021612.GC16220@sergelap.austin.ibm.com>
2006-08-15 3:48 ` KaiGai Kohei
2006-08-15 12:04 ` Serge E. Hallyn
2006-08-15 16:02 ` Casey Schaufler
2006-08-16 2:25 ` Serge E. Hallyn
-- strict thread matches above, loose matches on Subject: below --
2006-08-16 2:43 Albert Cahalan
2006-08-16 3:23 ` Serge E. Hallyn
2006-08-16 3:44 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44E6713C.8060005@novell.com \
--to=crispin@novell.com \
--cc=chrisw@sous-sol.org \
--cc=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=nmiell@comcast.net \
--cc=serue@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox