--- David Howells <dhowells@redhat.com> wrote:
quoted text > Casey Schaufler <casey@schaufler-ca.com> wrote:
>
> > That happens to me when interfaces are described in SELinux terms. I
> > still don't care much for multiple contexts, and I don't have a good
> > grasp of how you'll deal with Smack, or any LSM other than SELinux.
>
> Me neither. I understand SELinux somewhat, though it's got a lot of wibbly
> bits, and WinNT's security system, but I have no experience of the other
> stuff.
>
> > Just as Stephen mentions, I also don't see the generality that a change
> > of this magnitude really ought to provide.
>
> Perhaps it should be a specific interface, solely for cachefiles's use then.
That would help focus things, to be sure. I don't know if that
focus will speed things up or slow them down, but I think that
attempting to accomodate SELinux/NFS, with the state that effort
is in, will only lead to tears.
Casey Schaufler
casey@schaufler-ca.com
--
unsubscribe notice To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
majordomo@vger.kernel.org
More majordomo info at
http://vger.kernel.org/majordomo-info.html
Please read the FAQ at
http://www.tux.org/lkml/
Messages in current thread:
Re: [PATCH 08/28] SECURITY: Allow kernel services to overr ... , Casey Schaufler , (Mon Dec 10, 4:56 pm)