On Tuesday 05 August 2008 11:00:31 pm Casey Schaufler wrote:I still don't understand how that is any different from a file or some other resource, local or remote. Assuming a single security label (tag, mark, mode, etc.) on an entity on which you wish to apply an access control decision the problem boils down to how do you internalize the security label in such a way that it can be useful for the security mechanism(s). In the case of a single LSM you do this once, in the case of multiple, stacked LSMs you do this multiple times. With multiple security markings on an entity then you have to decide if you want to consider every marking at each LSM instance, or a subset. The complexity in this case does go up dramatically, but I think the key point for our discussion is that it doesn't matter if the entity is a file or a packet. Once again, these points apply equally to files as they do to packets. -- paul moore linux @ hp --
| Jan Engelhardt | intel iommu (Re: -mm merge plans for 2.6.23) |
| Tarkan Erimer | Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3 |
| Rafael J. Wysocki | Re: Linux 2.6.27-rc5: System boot regression caused by commit a2bd7274b47124d2fc4d... |
git: | |
| Gerrit Renker | [PATCH 0/37] dccp: Feature negotiation - last call for comments |
| David Miller | [GIT]: Networking |
| Jarek Poplawski | [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock(). |
