Date: Thu, 25 Oct 2007 11:58:58 -0700 (PDT)
From: Casey Schaufler <casey@schaufler-ca.com>
Reply-To: casey@schaufler-ca.com
Subject: Re: [PATCH 2/2] Version 9 (2.6.24-rc1) Smack: Simplified Mandatory Access Control Kernel
To: Stephen Smalley <sds@tycho.nsa.gov>, casey@schaufler-ca.com
Cc: akpm@osdl.org, torvalds@osdl.org, linux-security-module@vger.kernel.org,
       linux-kernel@vger.kernel.org
In-Reply-To: <1193324834.2683.113.camel@moss-spartans.epoch.ncsc.mil>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Message-ID: <551347.37651.qm@web36604.mail.mud.yahoo.com>
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1249
Lines: 33


--- Stephen Smalley <sds@tycho.nsa.gov> wrote:

> On Wed, 2007-10-24 at 20:46 -0700, Casey Schaufler wrote:
> ...
> > +Smack does not implement Domain Type Enforcement (DTE). If
> > +you want DTE Linux has an implementation called SELinux.
> > +Those who really want DTE are encouraged to use SELinux.
> > +Those who don't know what DTE is are encouraged to compare
> > +SELinux with Smack to determine which mechanisms are best
> > +suited to the problem at hand.
> 
> Nit: SELinux does not implement DTE.  DTE was a scheme introduced by Lee
> Badger et al to apply implicit typing based on pathname as a variant of
> the original type enforcement model.  SELinux is an implementation of
> the Flask security architecture for flexible MAC, along with an example
> security server that implements RBAC, TE, and MLS models, but not
> limited to them.

Okey Dokey. I'll fix that up.

Thank you for the review. I will have a look at all of the
individual comments.


Casey Schaufler
casey@schaufler-ca.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/