Paul Moore wrote: <snip>
Yes, there are lots of way we could solve the signed policy format issue, I just don't have one in mind at this moment. Also, to be honest, there are enough limitations to signing SELinux policies that this isn't very high onmy personal SELinux priority list.
The fact that there are so many userspace specific parts of the policy that never make it into the kernel precludes any meaningful verification anyway.
And SELinux already has a mechanism for raising the integrity of a process to do things like signature checking in userspace, the domain transition. If someone wants validation of the SELinux policy they just need to eliminate every domains ability to load policy except for a trusted policy loader that does signature checking.
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
