|
|
|
|
|
|
|
|
|
|
xense-devel
Re: [Xen-devel] [Xense-devel][RFC][PATCH][0/4] Xen Security Modules: Int
* Jun Koi (junkoi2004@xxxxxxxxx) wrote:
> - So we can use XMS instead of ACM, thus we can remove ACM in the
> future? (same as LSM, which seems to monopoly the security policy of
> Linux? )
The question is whether you can implement ACM policy in the flask
policy language. My understanding it yes, it's possible, however it's
not obvious if it is a win. I believe the resulting memory footprints
would not compare well. Of course, Reiner and George will have a much
better idea than I ;-) In general, the advatage of XSM is choice.
> - LSM has a problem of not supporting stacking module, and that is
> really paint in the arse. How about XSM? Do you try to fix that
> problem?
I don't see anything in XSM that changes that limitation to LSM. In fact,
it appears to not even support the very weak stacking via chaining
mechanism (which is a good plan in this case). And it's questionable
at best. Arbitrary security policies simply do not compose.
thanks,
-chris
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
|
|