Hi! > > I will write you a Perl script which will generate a complete > > and functionally equivalent SELinux policy (assuming I have enough > > free time) given a file with your policy language. But I can do this > > if and only if you tell me which of the SELinux access vectors you > > care about (In other words, which of the LSM hooks you want to > > require "read", "write", or "execute" privileges for). With such a > > little script you could write all the "simplified" policy you want, > > without having to change the kernel code at all. > > It's all spelled out in the module. Go wild.
Kyle claims he can emulate SMACK with SELinux + perl script, but I don't think it is fair to force him to write that perl. You want the code merged, so it should be up to you to do the work... or acknowledge that selinux ineed is smack supperset and argue that SMACK is better, anyway, because of its simplicity / speed / something. Or maybe that perl script is impossible to write for some reason? Tell us if so... Pavel (who is no security expert) -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/