[Dev] Update of security framework repositories
casey.schaufler at intel.com
Thu Feb 27 17:04:48 GMT 2014
From: Rafał Krypa [mailto:r.krypa at samsung.com]
Sent: Thursday, February 27, 2014 8:12 AM
To: dev at lists.tizen.org
Cc: Schaufler, Casey
Subject: Re: [Dev] Update of security framework repositories
On 2014-02-24 19:06, Schaufler, Casey wrote:
Systemd takes care of loading the Smack rules. The three domain model eliminates the need for "fast" rule loading.
We will have to deal with that sooner or later. Systemd has a completely independent rule loading implementation that duplicates existing functionality and doesn't follow features and enhancements that are put into libsmack. Also, if we consider policy loading apart from Tizen 3 and 3-domain policy, IMHO there are valid use cases of things like large policy
There we disagree. Large policy is inherently difficult to analyze, and being small enough to analyze is a basic characteristic of a secure system. However, I will grant that some people want to do it anyway. That’s why the loading performance changes got into the kernel.
and modify rules in files (four fields format).
The atomic modification has merit without bringing performance into the equation.
Even if we agree that systemd support for loading the Smack rules is all that Tizen 3 needs, it would still be best if systemd could rely on libsmack to do that.
Yes, systemd should be using libsmack. That is work to be done.