--- Crispin Cowan <[EMAIL PROTECTED]> wrote: > Dr. David Alan Gilbert wrote: > ... > > Can you explain why you want a non-privileged user to be able to edit > policy? I would like to better understand the problem here. > > Note that John Johansen is also interested in allowing non-privileged > users to manipulate AppArmor policy, but his view was to only allow a > non-privileged user to further tighten the profile on a program. To me, > that adds complexity with not much value, but if lots of users want it, > then I'm wrong :)
Now this is getting interesting. It looks to me as if you've implemented a mandatory access control scheme that some people would like to be able to use as a discretionary access control scheme. This is creepy after seeing the MCS implementation in SELinux, which is also a DAC scheme wacked out of a MAC scheme. Very interesting indeed. Casey Schaufler [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
