From: "Lorenzo Hernández García-Hierro" <lorenzo@gnu.org>
To: Juan Espino <jp_espino@hotmail.com>
Cc: mayerf@tresys.com, selinux@tycho.nsa.gov
Subject: RE: Bell & Lapadula Model
Date: Sun, 20 Feb 2005 20:11:39 +0100 [thread overview]
Message-ID: <1108926699.4100.31.camel@localhost.localdomain> (raw)
In-Reply-To: <BAY19-F67BE31277B62F3C14864B846F0@phx.gbl>
[-- Attachment #1: Type: text/plain, Size: 1827 bytes --]
El sáb, 19-02-2005 a las 17:29 +0000, Juan Espino escribió:
> Wao, Thanks for your explanations. SELinux supports more applications than
> RSBAC ¿?
Both frameworks / security suite in SELinux case support an huge amount
of applications because this is independent of the framework/engine
itself, instead, both use policies that can be handled in a fine-grained
manner (most in SELinux case AFAIK).
Sample/default policies such as NSA SELinux policy available for
download from nsa.gov, make the installation easier, but the
administrator is the person in charge of maintaining a concrete policy
for his proper circumstances and case.
They provide the minimal config. to make applications to work as *they
are expected to do*, allowing only the default operations to make the
app. just working, but this differs in personal and concrete
circumstances as I commented above (ie. Fedora C3 & other RH's goodies
policies), so, fine-tuning is needed if the administrator wants to take
advantage of all the power that SELinux can provide.
It's a decision up to you whatever solution to use, just that I don't
want to enter in flames due to personal remarking, but I've used SELinux
more than RSBAC and I think that with a good policy and knowledge
(minimal I mean) on it, you can make even more profit than using RSBAC,
among that SELinux is used under critical environments and developed by
people who can't buy unexpected issues.
Anyways, both are great solutions, so, the decision is up to you.
RSBAC has an huge amount of documentation and well-explained models, and
the people maintaining it are also good guys that do good work.
I hope my comments could help you.
Cheers,
--
Lorenzo Hernández García-Hierro <lorenzo@gnu.org>
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
[-- Attachment #2: Esta parte del mensaje está firmada digitalmente --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next parent reply other threads:[~2005-02-20 19:14 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <BAY19-F67BE31277B62F3C14864B846F0@phx.gbl>
2005-02-20 19:11 ` Lorenzo Hernández García-Hierro [this message]
[not found] <Xine.LNX.4.44.0502171518030.7638-100000@thoron.boston.redhat.com>
2005-02-17 22:21 ` Bell & Lapadula Model Frank Mayer
2005-02-17 23:25 ` Lorenzo Hernández García-Hierro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1108926699.4100.31.camel@localhost.localdomain \
--to=lorenzo@gnu.org \
--cc=jp_espino@hotmail.com \
--cc=mayerf@tresys.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.