On Wed, 4 Mar 2015, Luke Kenneth Casson Leighton wrote:
and why he concludes that having a single hierarchy for all resource types.
correcting to add "is not always a good idea"
i think.... having a single hierarchy is fine *if* and only if it is possible to overlay something similar to SE/Linux policy files - enforced by the kernel *not* by userspace (sorry serge!) - such that through those policy files any type of hierarchy be it single or multi layer, recursive or in fact absolutely anything, may be emulated and properly enforced.
The fundamental problem is that sometimes you have types of controls that are orthoginal to each other, and you either manage the two types of things in separate hierarchies, or you end up with one hierarchy that is a permutation of all the combinations of what would have been separate hierarchies.
David Lang -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
