|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [Xense-devel][RFC][PATCH][0/4] Xen Security Modules: Intro
* George S. Coker, II (gscoker@xxxxxxxxxxxxxx) wrote: > On Fri, 2006-09-01 at 10:58 -0700, Chris Wright wrote: > > * Jun Koi (junkoi2004@xxxxxxxxx) wrote: > > > - LSM has a problem of not supporting stacking module, and that is > > > really paint in the arse. How about XSM? Do you try to fix that > > > problem? > > > > I don't see anything in XSM that changes that limitation to LSM. In fact, > > it appears to not even support the very weak stacking via chaining > > mechanism (which is a good plan in this case). And it's questionable > > at best. Arbitrary security policies simply do not compose. > > We have made a conscious decision not to bring LSM's stacking > capabilities to Xen. Yes, I think that's a wise decision (that's what I meant by good plan). > Composition of security policies is difficult at > best, and a given security modules behavior cannot be easily predicted > under arbitrary stacking. Arbitrary stacking risks eroding the security > goals of an individual module while meeting few or none of the security > goals of the user. Stacking should be implemented within a security > module that has been designed to stack specific modules to achieve a > specific goal. Indeed. Sorry if my wording above was misleading, I'm in complete agreement. thanks, -chris > > George > > thanks, > > -chris > > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@xxxxxxxxxxxxxxxxxxx > http://lists.xensource.com/xen-devel _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |