This is the mail archive of the systemtap@sources.redhat.com mailing list for the systemtap project.
Hi -

brad.chen wrote:
> Separation of policy from mechanism is an established tenet
> of Unix system development. [...]

Indeed, it is a well known design principle: just as abstract as the concepts of "design" versus "implementation". The missing link is making it relevant to systemtap by mapping the terms to our peculiar domain.

For example, by "mechanism" one might refer to the dispersed body of code that will enforce the union of safety issues, and by "policy" one might refer to the provision of a command line switch and its global variable to pick a translation mode. There is a "separation" by definition, but it's kind of trivial, and is not the kind that the portal/static-checker ideas require.

Since they depend on one's point of view, the uses of the term "safety policy" and "safety mechanism" in your key questions list are not dispositive about any particular implementation strategy. Sure, we might want the user to have more fine-grained control over operation permissions, once we define such opportunities. But that says nothing about whether the enforcement of such permissions must take place with regard to a separation boundary of any particular nature.

- FChE