On 2007-06-22T07:53:47, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> > No the "incomplete" mediation does not flow from the design. We have
> > deliberately focused on doing the necessary modifications for pathname
> > based mediation. The IPC and network mediation are a wip.
> The fact that you have to go back to the drawing board for them is that
> you didn't get the abstraction right in the first place.
That's an interesting claim, however I don't think it holds. AA was
designed to mediate file access in a form which is intuitive to admins.
It's to be expected that it doesn't directly apply to mediating other
forms of access.
> I think we must have different understandings of the words "generalize"
> and "analyzable". Look, if I want to be able to state properties about
> data flow in the system for confidentiality or integrity goals (my
> secret data can never leak to unauthorized entities, my critical data
> can never be corrupted/tainted by unauthorized entities - directly or
> indirectly),
I seem to think that this is not what AA is trying to do, so evaluating
it in that context doesn't seem useful. It's like saying a screw driver
isn't a hammer, so it is useless because you have a nail.
Regards,
Lars
--
Teamlead Kernel, SuSE Labs, Research and Development
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
"Experience is the name everyone gives to their mistakes." -- Oscar Wilde
-
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
