> This idea allows to compile two or more security mechanism in the same binary,
> and adds a configuration parameter to choose a security mechanism on its startup
> time. So, a single security mechanism chosen works in same time, but multiple
> security mechanisms are built in compile time.
This is a good idea.
> Again, I cannot think it is a good idea to pack several values into a field.
I don't either. I think we need two fields. I can't imagine anyone
making a serious argument that we need to simultaneously support more
than one MAC system: you pick EITHER SELinux or Trusted Solaris, not
both.
But I can sure imagine someone wanting both MAC and DAC.
...Robert