|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [Xense-devel][RFC][PATCH][0/4] Xen Security Modules: Intro
* Jun Koi (junkoi2004@xxxxxxxxx) wrote: > - So we can use XMS instead of ACM, thus we can remove ACM in the > future? (same as LSM, which seems to monopoly the security policy of > Linux? ) The question is whether you can implement ACM policy in the flask policy language. My understanding it yes, it's possible, however it's not obvious if it is a win. I believe the resulting memory footprints would not compare well. Of course, Reiner and George will have a much better idea than I ;-) In general, the advatage of XSM is choice. > - LSM has a problem of not supporting stacking module, and that is > really paint in the arse. How about XSM? Do you try to fix that > problem? I don't see anything in XSM that changes that limitation to LSM. In fact, it appears to not even support the very weak stacking via chaining mechanism (which is a good plan in this case). And it's questionable at best. Arbitrary security policies simply do not compose. thanks, -chris _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |