I admit that my knowledge of this leaves much to be desired but i will ask anyway: If one defines mandatory as "enforced by the kernel", then do user space object managers provide mandatory access control? from my understanding user space object managers enforce security decisions made by the Linux security server. So can a compromised user space object manager ignore these security decisions made by the Linux security server? In other words are user space object manager really a way to enforce MAC or are they just another application layer access control when push comes to shove. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
