Kernel Summit 2006: Security
Posted Jul 20, 2006 23:39 UTC (Thu) by crispin (guest, #2073)
In reply to: Kernel Summit 2006: Security by Method
Parent article: Kernel Summit 2006: Security
"... the Flask architecture within SELinux, which establishes a framework with well-defined semantics that can support a wide range of security models, but not arbitrary ones." --Stephen Smalley, http://lkml.org/lkml/2006/4/20/110
So it is not true that Flask can support *any* kind of security server. In particular, Flask cannot support the AppArmor model.
There are 13 known modules built on top of LSM, and AFAIK the only models built on top of Flask are those that Method quoted. This would seem to argue that LSM is both more general and more useful.
LSM is not perfect, and we (Novell/SUSE) would be happy to work with anyone who is interested in improving it, so long as "improve" includes at least preserving its current generality (ability to support these security models). This is the whole reason LSM exists: so that the Linux community does not have to choose One True Security Model, because the security community itself has never agreed on a model.