--- Stephen Smalley <[EMAIL PROTECTED]> wrote: > On Mon, 2007-10-08 at 10:31 -0700, Casey Schaufler wrote: > > ... > > I wouldn't expect the whole thing to be more than a couple week's > > work for someone who really wanted to do it. > > Note that Serge said "SELinux re-written on top of Smack", not "rewrite > Smack to be more like SELinux".
Sorry, the subtlety of the difference seems insignificant to me. > I don't believe the former is even > possible, given that Smack is strictly less expressive and granular by > design. Rewriting Smack to be more like SELinux should be possible, As I outlined, it wouldn't be that hard to rewack SELinux from Smack. > but seems like more work than emulating Smack on SELinux via policy, Y'all keep saying that, but since noone has actually done that SELinux policy, or anything like it, I maintain that it's not as easy as you are inclined to claim. It is certainly not the "I'll whip it up this weekend" sort of task that some have suggested. > and to what end? Well, there is that. I personally think that one implementation of SELinux is plenty. On the other hand, I think that if the concept of a single security architecture has value the advocates of that position ought to be looking at SELinux on/of Smack just as carefully as they look at Smack on/of SELinux. If they are not, I suggest that the Single Security Architecture argument is a sophistic device rather than a legitimate issue of technology and should thus be ignored. Casey Schaufler [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
