Re: [RFC][PATCH 0/11] security: AppArmor - Overview
From: Karl MacMillan
Date: Thu Apr 27 2006 - 10:49:38 EST
On Wed, 2006-04-26 at 17:21 -0700, Casey Schaufler wrote:
>
> --- Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
>
> > On Tue, 2006-04-25 at 20:42 -0700, Casey Schaufler
> > wrote:
>
> > > Conflating my forehead!
> >
> > The policy is analyzable, and there are tools (apol
> > and slat) that do precisely that.
>
> Ok. I remain unconvinced, in part because the analysis
> requires tools.
>
Not certain what you mean by requires - it is possible to do policy
analysis manually, though the tools certainly bring more rigor. Analysis
of SELinux policies is not simply possible in theory - it has been done
by us (Tresys) and others.
Karl
--
Karl MacMillan
Tresys Technology
www.tresys.com
> > Including information flow analysis
> > and invariant checking.
>
> Ok. Fair enough.
>
> > What's your problem, again?
>
> You keep asking that.
>
> I seem to have fallen off topic, which happens
> sometimes, and I apologize for falling into this
> long standing and overly religeous debate. I
> have failed to present my case with sufficient
> clarity to prove convincing once again. Perhaps
> one day I'll get it right. Perhaps one day I'll
> figure out why I'm wrong.
>
>
>
> Casey Schaufler
> casey@xxxxxxxxxxxxxxxx
> -
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/