MAC kernel option

mag mag at bunuel.tii.matav.hu
Mon Sep 19 09:48:20 GMT 2005


> My impression has been that all the suffering was a result of turning on 
> Type Enforcement by default, as opposed to LSM by default.  

My impression was that selinux people suffered a lot because they turned
on the thing with a rather baroque, complicated policy, based on a model
which explodes when one tries to take more than one viewpoint into
account.

<rant>
The whole goal of Mandatory Access Control would be to have a simple
(well, as simple as possible), treatable ruleset, which makes fiddling
with little gory details irrelevant (except when those little details
are part of the policy; ping in itself is certainly not such a thing). It
shows cluelessness to have hundreds of TPs in one system, more of
which have nothing to do with security services.
</rant>
