On Mon, 28 Dec 2009 20:51:49 +0900, Tetsuo Handa said:

(Hit send too soon)

> Both SELinux and TOMOYO have ability to cover all processes (from /sbin/init
> till /sbin/poweroff) or targeted processes (e.g. only daemons). But SELinux is
> not widely used for protecting all processes. TOMOYO can provide some
> protection for processes which SELinux doesn't protect.

OK, this was what I was talking about - what processes does TOMOYO protect
that SELinux doesn't? Or are you suggesting "use TOMOYO when using the
SELinux 'targeted' policy that only tracks some processes"? It would seem
that a better solution there would be to just go ahead and use the 'strict'
or 'mls' policies if you want coverage of all processes - having some
processes under SELinux and some under TOMOYO rules is just asking for
confusion...

> Also, people know we sometimes need to restrict string parameters for avoiding
> unwanted consequence. TOMOYO can pay attention to string parameters whereas
> SELinux can't.

Which string parameters are these? Perhaps a better approach than trying to
layer all of TOMOYO on SELinux is to create a small targeted "look at string
parameters" LSM and run *that* on top. Would require LSM stacking, but so
would doing all of TOMOYO.