This is the mail archive of the systemtap@sources.redhat.com mailing list for the systemtap project.



Re: separating policy and mechanism


Hi -


brad.chen wrote:

> Separation of policy from mechanism is an established tenet 
> of Unix system development. [...]

Indeed, it is a well known design principle: just as abstract as the
concepts of "design" versus "implementation".  The missing link is
making it relevant to systemtap by mapping the terms to our peculiar
domain.

For example, by "mechanism" one might refer to the dispersed body of
code that will enforce the union of safety issues, and by "policy" one
might refer to the provision of a command line switch and its global
variable to pick a translation mode.  There is a "separation" by
definition, but it's kind of trivial, and is not the kind that the
portal/static-checker ideas require.

Since they depend on one's point of view, the uses of the term "safety
policy" and "safety mechanism" in your key questions list are not
dispositive about any particular implementation strategy.  Sure, we
might want the user to have more fine-grained control over operation
permissions, once we define such opportunities.  But that says nothing
about whether the enforcement of such permissions must take place with
regard to a separation boundary of any particular nature.


- FChE

Attachment: pgp00000.pgp
Description: PGP signature

