If we were going to use the SELinux reference policy, I would
completely agree. However, looking at something that would focus
more on the SELinux privacy controls would limit the complexity.
You're correct that it might be easier to create an LSM that does
exactly what we want. Because of MeeGo policies though, that would
mean I would have to get it upstreamed first before we could use it
and that would be problematic.
-- Ryan Ware
That field will contain internal state information which is not
going to be exposed to anything outside the core code - except via
accessor functions. I'm tired of everyone fiddling in
core_internal_state__do_not_mess_with_it is clear enough, annoying
to type and easy to grep for. Offenders will be tracked down and
slapped with stinking trouts.
-- Thomas Gleixner
to post comments)