Re: [PATCH] capabilites, take 2

From: Stephen Smalley
Date: Fri May 14 2004 - 11:06:28 EST

Next message: Jari Ruusu: "Re: [PATCH 2/2] Support for VIA PadLock crypto engine"
Previous message: Jeff Garzik: "Re: ata_piix: port disabled. ignoring."
In reply to: Andy Lutomirski: "Re: [PATCH] capabilites, take 2"
Next in thread: Andy Lutomirski: "Re: [PATCH] capabilites, take 2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2004-05-14 at 11:57, Andy Lutomirski wrote:
> Thanks -- turning brain back on, SELinux is obviously better than any
> fine-grained capability scheme I can imagine.
>
> So unless anyone convinces me you're wrong, I'll stick with just
> fixing up capabilities to work without making them finer-grained.

Great, thanks. Fixing capabilities to work is definitely useful and
desirable. Significantly expanding them in any manner is a poor use of
limited resources, IMHO; I'd much rather see people work on applying
SELinux to the problem and solving it more effectively for the future.

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jari Ruusu: "Re: [PATCH 2/2] Support for VIA PadLock crypto engine"
Previous message: Jeff Garzik: "Re: ata_piix: port disabled. ignoring."
In reply to: Andy Lutomirski: "Re: [PATCH] capabilites, take 2"
Next in thread: Andy Lutomirski: "Re: [PATCH] capabilites, take 2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]