[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [RFC] Checking the loaded policy against a policy on disk

To: "'James Morris'" <jmorris@xxxxxxxxx>, "'Stephen Smalley'" <sds@xxxxxxxxxxxxx>
Subject: RE: [RFC] Checking the loaded policy against a policy on disk
From: "Frank Mayer" <mayerf@xxxxxxxxxx>
Date: Fri, 19 Aug 2005 14:42:54 -0400
Cc: <selinux@xxxxxxxxxxxxx>, "'Daniel J Walsh'" <dwalsh@xxxxxxxxxx>, "'Steve G'" <linux_4ever@xxxxxxxxx>, <SELinux-dev@xxxxxxxxxx>
In-reply-to: <Pine.LNX.4.63.0508191105290.24678@xxxxxxxxxxxxxxxxxxx>
Sender: owner-selinux@xxxxxxxxxxxxx
Thread-index: AcWk0QptrXCV/RTQTiqp1Mrk6Egf+AAG9chQ

> Can you point me to the LSPP requirement which states that we need to
> do this? 

I was wondering that myself. I don't recall any such requirement. As long as
the policy files are protected against unauthorized access and procedures
for start up/initialization are documented in appropriate manual, we
shouldn't be "required" to have a demonstrable association (thought
something like this might be otherwise useful). I believe the requirements
are for TCB/TSF protection, not periodic guarantee checks (except for
FPT_AMT which explicitly only applies to hardware). Frank



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

Follow-Ups:
- RE: [RFC] Checking the loaded policy against a policy on disk
  - From: Stephen Smalley

References:
- Re: [RFC] Checking the loaded policy against a policy on disk
  - From: James Morris

Prev by Date: Re: kernel Oops from policy
Next by Date: Re: [RFC] Checking the loaded policy against a policy on disk
Previous by thread: Re: [RFC] Checking the loaded policy against a policy on disk
Next by thread: RE: [RFC] Checking the loaded policy against a policy on disk
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.