SELinux Mailing List

Re: dynamic context transitions

From: Stephen Smalley <sds_at_epoch.ncsc.mil>
Date: Mon, 01 Nov 2004 11:56:25 -0500


On Fri, 2004-10-29 at 15:10, Darrel Goeddel wrote:
> Since the ability to perform dynamic transitions is controlled by
> separate permission from exec-based transitions (process setcurrent),
> policy writers have the ability to not use the new feature. The chain
> of allowable dynamic transitions is also controlled on a context-pair
> basis. This allows a "dynamic transition group" to be treated as an
> equivalence class for policy analysis.

Question for people writing policy analysis tools (some cc'd): What impact do you see such a change having on the ability to analyze policies? How difficult would it be to have your tools collapse the domains in one of these "dynamic transition groups" into a single equivalence class for information flow analysis?

-- 
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency


Received on Mon 1 Nov 2004 - 12:00:14 EST
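
The collapsing asked about in the message above, sketched as an added example (not part of the original post and not code from any SELinux analysis tool). It assumes a simplified one-line `allow` syntax, constructed type names, and that any two domains linked by an allowed `process dyntransition` in either direction belong to the same group, which is a conservative reading of "dynamic transition group".

```python
import re
from collections import defaultdict

# Constructed sample rules (hypothetical types, not from the message).
POLICY = """
allow httpd_t httpd_worker_t:process dyntransition;
allow httpd_worker_t httpd_low_t:process { dyntransition sigchld };
allow httpd_t self:process setcurrent;
allow httpd_low_t web_content_t:file read;
allow httpd_t secret_t:file { read write };
allow sshd_t user_t:process transition;
"""
RULE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")

def parse(policy):
    """Return (source, target, class, perms) for each simple allow rule."""
    out = []
    for src, tgt, cls, many, one in RULE.findall(policy):
        out.append((src, src if tgt == "self" else tgt, cls, set((many or one).split())))
    return out

def dyn_groups(rules):
    """Union-find over dyntransition edges; returns groups with >1 domain."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    for src, tgt, cls, perms in rules:
        if cls == "process" and "dyntransition" in perms:
            parent[find(src)] = find(tgt)
    groups = defaultdict(set)
    for dom in list(parent):
        groups[find(dom)].add(dom)
    return [g for g in groups.values() if len(g) > 1]

def collapsed_access(rules):
    """Object permissions per subject, with each group merged into one node."""
    label = {d: "+".join(sorted(g)) for g in dyn_groups(rules) for d in g}
    access = defaultdict(set)
    for src, tgt, cls, perms in rules:
        if cls != "process":
            access[label.get(src, src)] |= {(tgt, cls, p) for p in perms}
    return dict(access)

if __name__ == "__main__":
    for subject, perms in collapsed_access(parse(POLICY)).items():
        print(subject, sorted(perms))
```

After merging, the low-privilege `httpd_low_t` appears in the same node as `httpd_t`, so the analysis attributes the `secret_t` read and write access to the whole group; the exec-based `transition` rule does not cause any merging.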
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

 

National Security Agency / Central Security Service