Re: [PATCH] Smack: Simplified Mandatory Access Control Kernel

From: Pavel Machek
Date: Tue Aug 21 2007 - 05:34:46 EST


Hi!

> > Ergo the only
> > people who should be writing security policy for deployment are those
> > people who have studied and trained in the stuff. Those people are
> > also known as "security professionals".
>
> If only security professionals can use the system you have failed
> to provide a general purpose facility. It may have value in limited
> circumstances but it is not for everybody.

But that's okay. Maybe SElinux is not simple enough to use for
everyone, but that does not mean you can't auto-generate policy from
something else, "easy to understand".

IOW smack may be great idea, but you written it in wrong language. You
written it in C, while you should have written it in SELinux policy
language (and your favourite scripting language as frontend).
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/