On Fri, 2005-01-14 at 16:42 +0000, Mike Hearn wrote:
> > Slightly off-topic, but my only "fear" with replacing DAC with MAC

This has come up periodically on the SELinux list, but it is not easy. You need to ensure that you're not introducing any new flaws.

> Yes, this worries me too. I don't know if SELinux is badly designed or if
> MAC in general is just a very hard problem, or even if Red Hat are being
> overly ambitious. I'm not aware of any attempts to do something like this
> before.

There has been no previous attempt to integrate fine-grained MAC pervasively into a mainstream version of a mainstream operating system. That's the goal of SELinux.

Anyways, for the purposes of GNOME, we should not be designing anything that requires SELinux, particularly a nonexistent version which can override DAC.