Subject: Re: SE Linux vs SE NetBSD !!
To: Robert Watson <>
From: Elad Efrat <>
List: tech-kern
Date: 08/25/2006 14:02:24

Robert Watson wrote:

> Some risk comes with the ability to offload decisions to user space --
> among other things, that the access control decision may not be
> performed atomically with respect to the security properties of the
> subject and object, as kernel locks tend not to be something that can be
> held over a user space up-call. Whether this is actually a problem
> depends entirely on the nature of the policy -- for some sorts of
> security policies, it is a show-stopper, but for others it is an
> acceptable trade-off as long as done intentionally.

That is certainly a valid concern; we're still looking at how to get
this done right. See thread:


Elad Efrat
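
The atomicity concern quoted above, as an added example that is not part of the original message and is not NetBSD code: a single-threaded C simulation in which the policy callback stands in for the user-space daemon and relabels the object during the up-call, as another thread could once the kernel lock is dropped. The structures, function names, and the generation-counter recheck are all assumptions made for illustration; the recheck is one common mitigation and goes beyond what the thread itself proposes.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical object: a label plus a generation counter that is bumped
 * (under the object's lock in a real kernel) on every label change. */
struct object  { int label; unsigned gen; };
struct subject { int clearance; };

/* What the user-space policy daemon is shown: a copy, not the object. */
struct request { int clearance; int label; unsigned gen; };
typedef bool (*policy_fn)(const struct request *, struct object *);

static void relabel(struct object *o, int label) { o->label = label; o->gen++; }

/* Constructed policy: allow if clearance dominates the label it was shown. */
static bool policy_quiet(const struct request *r, struct object *o) {
    (void)o;
    return r->clearance >= r->label;
}

/* Same policy, but the object is relabelled while the daemon is deciding,
 * standing in for a concurrent thread that runs once the lock is dropped. */
static bool policy_racy(const struct request *r, struct object *o) {
    relabel(o, 3);
    return r->clearance >= r->label;
}

/* Naive: trust the verdict although no lock was held over the up-call. */
static bool authorize_naive(const struct subject *s, struct object *o, policy_fn up) {
    struct request r = { s->clearance, o->label, o->gen }; /* snapshot, unlock */
    return up(&r, o);
}

/* Revalidating: after "relocking", discard a verdict made on stale state. */
static bool authorize_checked(const struct subject *s, struct object *o, policy_fn up) {
    struct request r = { s->clearance, o->label, o->gen };
    bool ok = up(&r, o);
    return ok && o->gen == r.gen; /* object changed: deny (or retry) */
}

int main(void) {
    struct subject s = { 1 };
    struct object a = { 1, 0 }, b = { 1, 0 }, c = { 1, 0 };
    printf("naive/racy=%d checked/racy=%d checked/quiet=%d\n",
           authorize_naive(&s, &a, policy_racy),
           authorize_checked(&s, &b, policy_racy),
           authorize_checked(&s, &c, policy_quiet));
    return 0;
}
```

The recheck only narrows the window; a real kernel would have to retake the object's lock before comparing the generation and keep holding it until the operation is enforced.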