[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <46BFC39F.1020703@manicmethod.com>
Date: Sun, 12 Aug 2007 22:36:15 -0400
From: Joshua Brindle <method@...icmethod.com>
To: Kyle Moffett <mrmacman_g4@....com>
CC: casey@...aufler-ca.com, linux-security-module@...r.kernel.org,
LKML Kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] Smack: Simplified Mandatory Access Control Kernel
Kyle Moffett wrote:
> On Aug 12, 2007, at 15:41:46, Casey Schaufler wrote:
>
>> Your boolean solution requires more forthought than the Smack rule
>> solution, but I'll give it to you once you've fleshed out your "##"
>> lines.
>
> How does it require more forethought? When I want to turn it on, I
> write and load the 5 line policy then add the cronjobs. Yours
> involves giving cron unconditional permission to write to your
> security database (always a bad idea) and then adding similar cronjobs.
>
nit: without the selinux policy server (which is not production ready by
any means) we have to grant the same to cron in this case (or at least
to the domain that cron runs the cronjobs in). SELinux and Smack alike
need special permissions to modify the running policy, no surprises there.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists