MAC kernel option
Robert Watson
rwatson at FreeBSD.org
Sun Sep 18 17:10:34 GMT 2005
On Sun, 18 Sep 2005, Scott Long wrote:
>> How about we introduce MPC_LOADTIME_FLAG_USELABELS which we can use for
>> MAC policies which require the use of labels. This way we conditionally
>> allocate label storage only if a policy which requires them is loaded.
>
> I think that it would be very good to take a _very_ close look at the
> experience that Fedora has had with enabling the linux framework by
> default.
My impression has been that all the suffering was a result of turning on
Type Enforcement by default, as opposed to LSM by default. The extra
costs we have in the MAC Framework largely derive from extra semantics we
offer -- whereas LSM is almost entirely a set of hooks, the MAC Framework
adds:
- Multi-policy support. This means we have to be more careful about
policy lists at run-time, providing synchronization.
- Stronger label semantics, and labels for different policies. For
example, we offer a caching event model for labels on files, whereas LSM
provides hooks where a policy can implement label caching.
While I don't follow the Fedora lists all that closely, my primary
impression of their experience was that running with fine-grained
mandatory access control by default was something of a shock to the
system, hence moving towards a targeted policy model with TE (et al).
Robert N M Watson