Re: Updated SELinux Release
On Thu, 2004-11-04 at 23:06, Colin Walters wrote:
> Why don't we just run say EROS (http://www.eros-
> os.org/) instead? A: Because what makes SELinux interesting is that it
> can run all of our legacy software. By not shipping it on everywhere,
> we're not tapping that ability.
Some of us might argue that the EROS security model is inadequate...
See DTMach/DTOS/Flask papers and reports for discussion of why
capability-based models leave something to be desired.
--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency
Reply to: