Research
Skip Research Menus
Research MenuSecurity Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links |
SELinux Mailing ListRe: policy package names for Debian
From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Fri, 28 Mar 2008 11:37:06 -0400
On Fri, 2008-03-28 at 10:50 -0400, Christopher J. PeBenito wrote:
Ah, that's likely true. And people do find the difference between MCS and MLS confusing as it is.
> I'm not convinced many people actually use MCS at all. Users have a For me, the value of MCS is getting the MLS support adequately tested and supported throughout the distribution. That's about it. The ideal scenario from a "mainstreaming MAC" perspective would be to have the real MLS constraints in place by default, and the only difference between the default setup and a MLS one would be whether one actually puts anything in any level other than s0. That would carry some cost from the constraint evaluation on compute_av calls, but that should be largely masked by the AVC. It shouldn't really affect memory or disk use as long as everything defaults to s0 and no categories. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Fri 28 Mar 2008 - 11:39:08 EDT |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |