The secmark "one user" policy

Casey Schaufler casey at schaufler-ca.com
Wed Jun 21 00:41:42 UTC 2017


I'm looking at the secmark code and am looking in
particular at the places where it explicitly says
that it is intended for one security module at a
time. For extreme stacking I can either enforce this
restriction by configuration or remove it by clever
uses of secid mappings. Either can be made "transparent"
to existing user-space. Paul has expressed distaste for
using configuration as a shortcut for dealing with this
kind of problem, and I generally agree with him. On the
other hand, the code is quite clear that it is designed
for one and only one kind of secid at a time. I don't
want to put a lot of effort into patches that are
unacceptable to the author.

Thank you.
