On Thu, 2004-11-04 at 23:06, Colin Walters wrote: > Why don't we just run say EROS (http://www.eros- > os.org/) instead? A: Because what makes SELinux interesting is that it > can run all of our legacy software. By not shipping it on everywhere, > we're not tapping that ability.
Some of us might argue that the EROS security model is inadequate... See DTMach/DTOS/Flask papers and reports for discussion of why capability-based models leave something to be desired. -- Stephen Smalley <[EMAIL PROTECTED]> National Security Agency
