Low Watermark MAC (LOMAC) implementation for Linux

Robert Watson robert at cyrus.watson.org
Mon Oct 11 14:56:41 GMT 1999 

On Mon, 11 Oct 1999, Ilmar S. Habibulin wrote:

> On Sun, 10 Oct 1999, Robert Watson wrote:
> 
> > Ilmar--might be interesting to see if we could plug something like this
> > into FreeBSD.  We'd have to reimplement, of course, since it's in GPL...
> > Although it seems Tim distributes it purely as a kernel module with no
> > patches, so it might be possible to distribute a kernel module for FreeBSD
> > under GPL as long as it didn't come with the base distibution (undesirable
> > in the long term, but good enough for testing and exploring the usefulness
> > of the code and method).
> 
> Yes, of cause i'm interested. But sometimes dark thoughts visit me - maybe
> i should install Linux? ;-) Linux has mac, cap, acl. It just need a
> library libposix1e.so.

Interestingly, I have exchanged emails with Tim, and he describes lomac
with the following text:

    From a technical standpoint, LOMAC is designed to be portable between
    UNIXes (it has an OS-adaptation layer), and the makefiles are already
    aware of multiple platforms.  I started on BSD before switching to
    Linux, and lately I've been wanting to go back to BSD.  If you decide
    to port LOMAC back to BSD, I'd love to put your code into the
    distribution.

Again, haven't done a serious reading of the code yet so I don't know what
would be involved, but the idea of an OS-independent MAC subsystem sounds
pretty spiffy--I haven't really been following the MAC discussion about
the limitations of specific models (and therefore of the lomac
applicability), so I'm probably not qualified to comment of the generality
and usefulness of it as a technique :-).  I'll put a couple of hours into
it this morning...

  Robert N M Watson 

robert at fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

To Unsubscribe: send mail to majordomo at cyrus.watson.org
with "unsubscribe posix1e" in the body of the message

More information about the posix1e mailing list