(Illustration by Gaich Muramatsu)
Hi Chris, it seems Jan has well answered all relevant points, one thing though: On Mon, Mar 26, 2007 at 02:00:19PM -0400, Chris PeBenito wrote: > > attribute. I'm not even sure if it is appropriate, since such security > > labels define a local policy. > > I don't agree with this last point. If security was local to a machine, > there would never be anything like domains in Windows. SELinux is > already building up infrastructure for network policies in the same > administrative domain, and also researching policies between > administrative domains. The word "local" is heavily overloaded. A local policy in this context is a policy regulating the behaviour of a host (according to the context, of a file system client host). A policy remains local even when applied to more than one host/client, unless it happens to govern all of the hosts in the world. The policies of the Windows domains and even the cross-domain policies you mention are _local_ ones (in contrast to administration of the "rest of the world"'s hosts, governed by indefinite number of other local policies). Regards, RuneReceived on 2007-03-27 04:45:03