Re: [PATCH] Smack: Simplified Mandatory Access Control Kernel

From: Casey Schaufler
Date: Wed Aug 22 2007 - 14:47:29 EST



--- Pavel Machek <pavel@xxxxxx> wrote:

>
> > > but you have written it in the wrong language. You
> > > have written it in C, while you should have written it in SELinux policy
> > > language (and your favourite scripting language as frontend).
> >
> > I have often marvelled at the notion of a simplification layer.
> > I believe that you build complex things on top of simple things,
> > not the other way around.
>
> As we have to maintain selinux, anyway, I don't see why a simplification
> layer is a problem.

It's an issue if you want to do simple things, have the resources to
do simple things, but go over budget because the simple things are
built on top of complex things that you don't need. I see this crop
up frequently with IT infrastructures, where simple problems get
solved using completely unnecessary components just because those
components are available. If you want to maintain an SELinux policy
that looks like it does smackish things in addition to the reference
policy, that's OK by me.


Casey Schaufler
casey@xxxxxxxxxxxxxxxx