Subject: Re: trusted BSD?
To: Simon Gerraty <sjg@juniper.net>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-security
Date: 08/08/2005 11:15:11

On Sun, Aug 07, 2005 at 09:50:37PM -0700, Simon Gerraty wrote:
> 
> I'm actually looking at using verified exec to associate capabilities
> with certain apps - I'm already doing that now in a crude manner.
> It avoids needing to implement extended attributes, and since I
> digitally sign the manifest that verified exec is loaded from, I can
> trust the association.

I think this is the wrong way to go.  I think that it would be much better
to associate systrace policies with executables using verified exec, as
we discussed some months ago -- and this avoids adding another bag on the
side of the system that largely duplicates what systrace can do.

-- 
 Thor Lancelot Simon	                                      tls@rek.tjls.com

"The inconsistency is startling, though admittedly, if consistency is to be
 abandoned or transcended, there is no problem."		- Noam Chomsky