Among the areas for future work, he defines:
*Continued extension of SELinux architecture to the
desktop infrastructure and major applications. The
Imsep work mentioned in section 10.1 looks to be a
promising model for general separation of security
domains within applications.
• Working with the IETF to standardize Labeled
NFS, and with the Linux community to have it accepted
into the mainline kernel.
• Ongoing performance improvement, and efforts to
further reduce the memory footprint of SELinux.
• Further simplification of policy, perhaps through
the development of a higher-level policy language
with idioms more familiar to Linux administrators.
• Support for more virtualization models, including
Linux as hypervisor (e.g. KVM) and containers.
• Improved support for third party distribution of
policy modules, such as the case of cross-building
RPMs on systems with a conflicting host policy.
Continued usability improvements for end users,
administrators and developers.
• Better documentation.
No comments:
Post a Comment