On Fri, 2007-04-20 at 11:45 -0700, David Lang wrote: > On Thu, 19 Apr 2007, Stephen Smalley wrote: > > > already happened to integrate such support into userland. > > > > To look at it in a slightly different way, the AA emphasis on not > > modifying applications could be viewed as a limitation. Ultimately, > > users have security goals that go beyond just what the OS can directly > > enforce and at least some applications (notably things like X, D-BUS, > > PostgreSQL, etc) need to likewise support strong domain separation and > > controlled information flow through their own internal objects and > > operations. SELinux provides APIs and infrastructure for such > > applications, and has already done quite a bit of work in that space > > (D-BUS support, XACE/XSELinux, SE-PostgreSQL), whereas AA seems to have > > no interest in going there (and would have to recant its emphasis on no > > application mods to do so). If you actually want to truly confine a > > desktop application, you can't limit yourself to the kernel. And the > ^^^^^^^^^^^^^^^^^^^ > > > label model provides a unifying abstraction for dealing with all of > > these various objects, whereas the path/"natural abstraction" model has > > no unifying abstraction at all. > > > AA isn't aimed at confineing desktop applications. it's aimed at confining > server applications. this really is a easier task (if it happens to be useful > for some desktop apps as well, so much the better) > Steve's point holds equally well for server applications - SE-PostgreSQl is a good example. Karl - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
