Re: secure computing for 2.6.7

From: Hans Reiser
Date: Sat Aug 07 2004 - 18:24:28 EST

Next message: David Ford: "Re: hda: dma_timer_expiry: dma status == 0x24"
Previous message: Måns Rullgård: "Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices"
In reply to: Stephen Smalley: "Re: secure computing for 2.6.7"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Stephen Smalley wrote:

On Wed, 2004-07-07 at 15:27, Hans Reiser wrote:

Am I right to think that this could complement nicely our plans described at www.namesys.com/blackbox_security.html

Hi Hans,

Out of curiosity, what do you think that this proposal will achieve that
cannot already be done via SELinux policy? SELinux policy can already
express access rules based not only on the executable and user, but even
the entire call chain that led to a given executable.

Where do you store the access rules? With the executable? How do you automate their determination?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Ford: "Re: hda: dma_timer_expiry: dma status == 0x24"
Previous message: Måns Rullgård: "Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices"
In reply to: Stephen Smalley: "Re: secure computing for 2.6.7"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]