WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [Xense-devel][RFC][PATCH][0/4] Xen Security Modules: Int

from [Chris Wright] [Permanent Link][Original]
To: "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [Xense-devel][RFC][PATCH][0/4] Xen Security Modules: Intro
From: Chris Wright <chrisw@xxxxxxxxxxxx>
Date: Fri, 1 Sep 2006 11:57:38 -0700
Cc: Chris Wright <chrisw@xxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx, xense-devel@xxxxxxxxxxxxxxxxxxx, Jun Koi <junkoi2004@xxxxxxxxx>
Delivery-date: Fri, 01 Sep 2006 11:58:08 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <1157135088.22006.218.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <1157129851.22006.187.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <fdaac4d50609011036j116cc28cv9a39476702b23585@xxxxxxxxxxxxxx> <20060901175832.GB21066@xxxxxxxxxxxxxxxxxxxx> <1157135088.22006.218.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.4.2.1i 
* George S. Coker, II (gscoker@xxxxxxxxxxxxxx) wrote:
> On Fri, 2006-09-01 at 10:58 -0700, Chris Wright wrote:
> > * Jun Koi (junkoi2004@xxxxxxxxx) wrote:
> > > - LSM has a problem of not supporting stacking module, and that is
> > > really paint in the arse. How about XSM? Do you try to fix that
> > > problem?
> > 
> > I don't see anything in XSM that changes that limitation to LSM.  In fact,
> > it appears to not even support the very weak stacking via chaining
> > mechanism (which is a good plan in this case).  And it's questionable
> > at best.  Arbitrary security policies simply do not compose.
> 
> We have made a conscious decision not to bring LSM's stacking
> capabilities to Xen.

Yes, I think that's a wise decision (that's what I meant by good plan).

> Composition of security policies is difficult at
> best, and a given security modules behavior cannot be easily predicted
> under arbitrary stacking.  Arbitrary stacking risks eroding the security
> goals of an individual module while meeting few or none of the security
> goals of the user.  Stacking should be implemented within a security
> module that has been designed to stack specific modules to achieve a
> specific goal.

Indeed.  Sorry if my wording above was misleading, I'm in complete
agreement.

thanks,
-chris


> 
> George
> > thanks,
> > -chris
> 
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] [Xense-devel][RFC][PATCH][1/4] Xen Security Modules: XSM, Chris Wright
Next by Date:  Re: [Xen-devel] [Xense-devel][RFC][PATCH][1/4] Xen Security Modules: XSM, Chris Wright
Previous by Thread:  Re: [Xen-devel] [Xense-devel][RFC][PATCH][0/4] Xen Security Modules: Intro, George S. Coker, II
Next by Thread:  [Xen-devel] [Xense-devel][RFC][PATCH][1/4] Xen Security Modules: XSM, George S. Coker, II
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy