Date: Mon, 31 Dec 2007 07:27:51 -0800 (PST)
From: Casey Schaufler <casey@schaufler-ca.com>
Reply-To: casey@schaufler-ca.com
Subject: Re: TOMOYO Linux Security Goal
To: Valdis.Kletnieks@vt.edu, Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: serue@us.ibm.com, linux-security-module@vger.kernel.org,
       linux-kernel@vger.kernel.org
In-Reply-To: <7781.1198996100@turing-police.cc.vt.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Message-ID: <728764.75184.qm@web36608.mail.mud.yahoo.com>
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 930
Lines: 23


--- Valdis.Kletnieks@vt.edu wrote:
 
> I'm pretty sure that most of the security community agrees on what "correct"
> means - the disagreement is in the most cost-effective way to *create* one.

Struth. (I'm practicing my Australian, it's gotten rusty)
I say that the the only rational way to create a policy is to
decide what you want the system to do and create your policy
based on that. I think that calling something that does nothing
more than enforce existing behavior without thought on what the
behavior ought to be a "policy" does disservice to the entire
security community. I realize that I'm in the minority on this
one. Oh well.


Casey Schaufler
casey@schaufler-ca.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/