On Tue, Dec 8, 2009 at 10:07 AM, David P. Quigley <dpquigl@tycho.nsa.gov> wrote:
> I'd be willing to take a look at the framework and see if it really is
> SELinux centric. If it is we can figure out if there is a way to
> accomodate something like SMACK and FMAC. I'd like to hear from someone
> with more extensive experience with Solaris Trusted Extensions about how
> TX would make use of this. I have a feeling it would be similar to the
> way it deals with NFS which is by having the process exist in the global
> zone as a privileged process and then multi-plexes it to the remaining
> zones. That way their getpeercon would get a label derived from the
> zone.
Well, the old patches should still be available in the mailing list
archives. Maybe going back and looking at that code would be a good
place to start. The non-ripped-out code has been cleaned up a lot
since then, but at least it's a place to start.
...Robert