From: Russell Coker <russell@coker.com.au>
To: Denis Obrezkov <denisobrezkov@gmail.com>
Cc: selinux-refpolicy@vger.kernel.org
Subject: Re: Are we on the wrong track?
Date: Fri, 12 Jun 2020 21:53:35 +1000
Message-ID: <18730491.WiRWafRUmg@liv>
In-Reply-To: <f4abbf59-5a51-31c5-ae39-6a43914b890b@gmail.com>

On Friday, 12 June 2020 9:00:05 PM AEST Denis Obrezkov wrote:
> At the same time, some parts of SELinux are very unstable. Like, MCS. It
> was introduced and it is used only for VM management. And mcstransd is
> bad. It's really bad. I was trying to use it and it was totally
> unstable. So, even if someone wants to use MCS - it is almost impossible
> because tools are unstable and MCS is already almost exclusively used by
> VMs.

Systemd has the ability to dynamically create and manage UIDs. It could do
the same with MCS categories. Having systemd manage multiple daemons doing
similar tasks with either MCS categories or the other systemd mechanisms
(namespaces etc) used to isolate them instead of different types is something
we could do. There are a heap of daemons that use a TCP or UDP socket, write
to logs, and maintain a data store (database server, proxy server, DHCP
server, and Samba all look fairly similar from a certain perspective); having
an entirely separate policy for each one doesn't seem useful.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
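
Added example, not part of the original message and not systemd code: a sketch of the idea above, in which a service manager gives each daemon a unique MCS category pair so that several daemons can share one type. The `McsAllocator` class, the `netdaemon_t` type, the unit names and the c0..c1023 range are assumptions made for illustration, and `dominates()` is a simplified model of the MCS constraint.

```python
import itertools


class McsAllocator:
    """Hypothetical service-manager state: one unique category pair per unit."""

    def __init__(self, max_cat=1024):  # assumed category range c0..c1023
        self._unused = itertools.combinations(range(max_cat), 2)
        self._released = []   # pairs handed back by stopped units
        self._by_unit = {}    # unit name -> frozenset of two categories

    def allocate(self, unit):
        # Idempotent: a unit that is already running keeps its categories.
        if unit not in self._by_unit:
            if self._released:
                pair = self._released.pop()
            else:
                pair = next(self._unused, None)
                if pair is None:
                    raise RuntimeError("MCS category pairs exhausted")
            self._by_unit[unit] = frozenset(pair)
        return self._by_unit[unit]

    def release(self, unit):
        # Called when the unit stops; its pair becomes reusable.
        self._released.append(tuple(sorted(self._by_unit.pop(unit))))


def context(type_, cats, user="system_u", role="system_r"):
    """Render a security context string with sensitivity s0 and the categories."""
    return f"{user}:{role}:{type_}:s0:" + ",".join(f"c{c}" for c in sorted(cats))


def dominates(subject_cats, object_cats):
    # Simplified MCS rule: the subject needs every category on the object.
    return subject_cats >= object_cats


if __name__ == "__main__":
    alloc = McsAllocator()
    units = ("dhcpd.service", "smbd.service")  # constructed sample units
    for unit in units:
        print(unit, context("netdaemon_t", alloc.allocate(unit)))
    for subj, obj in itertools.product(units, repeat=2):
        ok = dominates(alloc.allocate(subj), alloc.allocate(obj))
        print(f"{subj} -> data of {obj}: {'allowed' if ok else 'denied'}")
```

Both daemons run as the same type, and each is denied the other's data store because neither category set contains the other, even where the two pairs share one category.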