public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Casey Schaufler <casey@schaufler-ca.com>
To: Stephen Smalley <sds@tycho.nsa.gov>, casey@schaufler-ca.com
Cc: "Serge E. Hallyn" <serge@hallyn.com>,
	Kyle Moffett <mrmacman_g4@mac.com>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Bill Davidsen <davidsen@tmr.com>,
	James Morris <jmorris@namei.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel
Date: Tue, 9 Oct 2007 09:02:42 -0700 (PDT)	[thread overview]
Message-ID: <700885.76235.qm@web36601.mail.mud.yahoo.com> (raw)
In-Reply-To: <1191937926.24970.69.camel@moss-spartans.epoch.ncsc.mil>


--- Stephen Smalley <sds@tycho.nsa.gov> wrote:

> On Mon, 2007-10-08 at 10:31 -0700, Casey Schaufler wrote:
> > ...
> > I wouldn't expect the whole thing to be more than a couple week's
> > work for someone who really wanted to do it.
> 
> Note that Serge said "SELinux re-written on top of Smack", not "rewrite
> Smack to be more like SELinux".

Sorry, the subtlety of the difference seems insignificant to me.

> I don't believe the former is even
> possible, given that Smack is strictly less expressive and granular by
> design. Rewriting Smack to be more like SELinux should be possible,

As I outlined, it wouldn't be that hard to rewack SELinux from Smack.

> but seems like more work than emulating Smack on SELinux via policy,

Y'all keep saying that, but since noone has actually done that
SELinux policy, or anything like it, I maintain that it's not as
easy as you are inclined to claim. It is certainly not the "I'll
whip it up this weekend" sort of task that some have suggested.

> and to what end?

Well, there is that. I personally think that one implementation of
SELinux is plenty.

On the other hand, I think that if the concept of a single security
architecture has value the advocates of that position ought to be
looking at SELinux on/of Smack just as carefully as they look at
Smack on/of SELinux. If they are not, I suggest that the Single
Security Architecture argument is a sophistic device rather than
a legitimate issue of technology and should thus be ignored.


Casey Schaufler
casey@schaufler-ca.com

  reply	other threads:[~2007-10-09 16:02 UTC|newest]

Thread overview: 79+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-09-30  0:20 [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel Casey Schaufler
2007-09-30  8:16 ` Andrew Morton
2007-09-30  8:42   ` Andi Kleen
2007-09-30 17:14     ` Casey Schaufler
2007-09-30 17:34       ` Andi Kleen
2007-09-30 23:24         ` david
2007-09-30 17:29     ` Joshua Brindle
2007-09-30 17:39       ` Andi Kleen
2007-09-30 19:07         ` Theodore Tso
2007-09-30 20:05           ` Andi Kleen
2007-09-30 20:22             ` Theodore Tso
2007-10-01 20:28             ` Casey Schaufler
2007-09-30 20:18           ` Paul Moore
2007-09-30  9:53   ` Christoph Hellwig
2007-09-30 17:19     ` Casey Schaufler
2007-10-02  8:36     ` Thomas Bleher
2007-09-30 17:02   ` Casey Schaufler
2007-09-30 20:30   ` Paul Moore
2007-10-01 11:33   ` James Morris
2007-10-01 15:07     ` Linus Torvalds
2007-10-01 15:40       ` Stephen Smalley
2007-10-01 16:04         ` Linus Torvalds
2007-10-01 17:54           ` Olivier Galibert
2007-10-02 21:02           ` Bill Davidsen
2007-10-02 21:20             ` Linus Torvalds
2007-10-02 23:25               ` Linus Torvalds
2007-10-03  0:12                 ` Alan Cox
2007-10-04 22:56                   ` Derek Fawcus
2007-10-04 23:18                     ` Chuck Ebbert
2007-10-04 23:44                       ` Derek Fawcus
2007-10-03  5:32                 ` Crispin Cowan
2007-10-03  3:54               ` Bill Davidsen
2007-10-03  4:52                 ` Linus Torvalds
2007-10-05  1:44                   ` Eric W. Biederman
2007-10-05  3:04                     ` Kyle Moffett
2007-10-05  4:45                       ` Eric W. Biederman
2007-10-05  5:48                         ` Kyle Moffett
2007-10-05 16:27                           ` Casey Schaufler
2007-10-05 18:42                             ` Stephen Smalley
2007-10-05 20:08                               ` Casey Schaufler
2007-10-05 20:11                               ` Eric W. Biederman
2007-10-08 17:50                                 ` Casey Schaufler
2007-10-08 18:47                                   ` Eric W. Biederman
2007-10-08 18:53                                     ` Serge E. Hallyn
2007-10-08 21:05                                     ` Casey Schaufler
2007-10-08 16:18                             ` Serge E. Hallyn
2007-10-08 17:31                               ` Casey Schaufler
2007-10-09 13:52                                 ` Stephen Smalley
2007-10-09 16:02                                   ` Casey Schaufler [this message]
2007-10-08 23:24                               ` Bill Davidsen
2007-10-08 16:06                         ` Serge E. Hallyn
2007-10-08 17:20                           ` Eric W. Biederman
2007-10-08 18:00                             ` Serge E. Hallyn
2007-10-08 19:29                               ` Eric W. Biederman
2007-10-08 19:50                               ` Eric W. Biederman
2007-10-08 20:39                                 ` Casey Schaufler
2007-10-08 21:02                                   ` Eric W. Biederman
2007-10-08 21:20                                 ` Alan Cox
2007-10-10 13:48                                   ` Eric W. Biederman
2007-10-10 15:45                                     ` Stephen Smalley
2007-10-10 17:57                                       ` Casey Schaufler
2007-10-11 10:46                                         ` Kyle Moffett
2007-10-11 15:41                                           ` Casey Schaufler
2007-10-11 18:53                                             ` Kyle Moffett
2007-10-11 20:09                                               ` Alan Cox
2007-10-08 21:51                                 ` Crispin Cowan
2007-10-30  4:01                               ` Kazuki Omo(Company)
2007-10-30 15:07                                 ` Casey Schaufler
2007-10-08 20:25                             ` Casey Schaufler
2007-10-08 20:57                               ` Eric W. Biederman
2007-10-06 19:14                       ` Bill Davidsen
2007-10-03  0:10             ` Alan Cox
2007-10-03  0:18               ` Linus Torvalds
2007-10-01 16:39         ` Casey Schaufler
2007-10-01 19:00         ` Theodore Tso
2007-10-01 15:38     ` Casey Schaufler
2007-10-01 20:49   ` Jan Engelhardt
2007-10-01  3:47 ` Serge E. Hallyn
2007-10-01  4:15   ` Casey Schaufler

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=700885.76235.qm@web36601.mail.mud.yahoo.com \
    --to=casey@schaufler-ca.com \
    --cc=akpm@linux-foundation.org \
    --cc=davidsen@tmr.com \
    --cc=ebiederm@xmission.com \
    --cc=jmorris@namei.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mrmacman_g4@mac.com \
    --cc=sds@tycho.nsa.gov \
    --cc=serge@hallyn.com \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox