On Thu, 14 Jun 2007, Toshiharu Harada wrote: > TOMOYO Linux has a mode called "learning" > in addition to "permissive" and "enforce". You can easily > get the TOMOYO Linux policy with learning mode that > SELinux does not have.
Blindly generating security policy through observation of the system is potentially dangerous for many reasons. See <http://securityblog.org/brindle/2006/03/25/security-anti-pattern-status-quo-encapsulation/> Note that while SELinux does also have a similar capability with the audit2allow tool, it should be considered an expert tool, the output of which needs to be understood before use (as noted in its man page). > In addition, access control mode of > TOMOYO Linux can be managed for every difference domain. We have considered per-domain enforcing mode a couple of times in the past, but figured that it could be implemented via policy alone (e.g. run the task in a domain where all accesses are allowed and logged); and it would also be of limited usefulness because of the aforementioned problems with learning mode security policy. - James -- James Morris <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
