On Sun, 30 Nov 2003 14:53, Colin Walters <[EMAIL PROTECTED]> wrote: > On Sat, 2003-11-29 at 22:47, David Spreen wrote: > > of their programs. the system could use a db of installed-package > > resources. Therefore we would need to create a common language that > > could be translated to any acl-format. > > This doesn't make sense. The basis of SELinux is Type Enforcement and > RBAC, not ACLs.
I think that was just a terminology error. > Trying to create some sort of "generic" security policy that could map > to a SELinux policy or grsecurity policy would be very difficult, and I > wouldn't trust my system's security to such a thing. It would be difficult, and the output of such a program would need to be checked by a human. But such a program should be able to at least reduce the difficulty of writing new policy. Maybe if Brian May is interested in getting a second Ph.D he can look at it... -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
