Re: [RFC][PATCH 0/11] security: AppArmor - Overview

From: Casey Schaufler
Date: Tue Apr 25 2006 - 23:42:32 EST

Next message: Matthew Frost: "RE: C++ pushback"
Previous message: Serge E. Hallyn: "Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)"
In reply to: Randy.Dunlap: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Next in thread: Stephen Smalley: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--- "Randy.Dunlap" <rdunlap@xxxxxxxxxxxx> wrote:

> use that internet thing, e.g., www.dict.org, and
> look at "conflate".

OK. I am not conflating the policy issues and the
mechanism issue of SELinux. The mechanisms of SELinux
lead to the policy issues. A complete set of policies
for an SELinux system require an unreasonable number
of rules. This violates the Third item of the TCB
principle, which is the the TCB must be small enough
to analyse. The mechanisms are pointless without the
rules.

Conflating my forehead!

Casey Schaufler
casey@xxxxxxxxxxxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Matthew Frost: "RE: C++ pushback"
Previous message: Serge E. Hallyn: "Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)"
In reply to: Randy.Dunlap: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Next in thread: Stephen Smalley: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]