Re: [Linux-privs-discuss] SELinux & Linux-privs projects

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Christoph Hellwig <hch@ns.caldera.de>
To: Stephen Smalley <sds@tislabs.com>
Cc: selinux@tycho.nsa.gov, linux-privs-discuss@sourceforge.net
Subject: Re: [Linux-privs-discuss] SELinux & Linux-privs projects
Date: Thu, 11 Jan 2001 17:16:02 +0100	[thread overview]
Message-ID: <20010111171602.B5816@caldera.de> (raw)
In-Reply-To: <Pine.SOL.3.95.1010111104920.23465S-100000@clipper.gw.tislabs.com>; from sds@tislabs.com on Thu, Jan 11, 2001 at 11:04:32AM -0500

On Thu, Jan 11, 2001 at 11:04:32AM -0500, Stephen Smalley wrote:
> Allow me to clarify about SELinux.  I'll respond to your points
> in reverse order.  SELinux and Linux-privs are NOT different ways
> to achieve the same goal.  SELinux provides a flexible mandatory
> access control architecture.  The architecture can enforce a wide
> variety of security policies.  It can enforce the separation of
> information based on confidentiality and integrity requirements.
> This is quite different from Linux Privs, which provides a mechanism
> for decomposing superuser privileges.

The capabilities do that, right.  But if I'm not completly wrong
Linux-Privs stands for all the Posix 1003.1e stuff, but currently
only caps are implemented, though work is done on other parts
(acl, aud, mac).

> It is also quite different
> from POSIX.1e mandatory access controls, which are tied to a 
> specific kind of mandatory security policy.

Capabilities and mac are of course different, otherwise you probably
won't find them in the same posix standard...

> It is also inaccurate to suggest that the issue is placing policy
> in the kernel.  SELinux provides clean separation of policy from
> enforcement, with the security policy cleanly encapsulated
> in a single component of the operating system called the
> security server with a general interface.  Many different
> security server implementations are possible, including
> implementations that consult user space servers.

Then you basically end up with rsbac.  But your current code does not
look like you provide support for that.

> The
> example security server implementation consists of a
> basic policy engine that consults a security policy configuration
> read from a file.  This is also a false comparison, because
> the POSIX.1e mandatory access control policy implementation would
> likewise involve a kernel component, and it is more likely to
> involve policy-specific code being used by other components of
> the kernel.

No.  The pocily for posix 1003.1e mac is set from usespace and stored
in extented attributes, at least in the TrustedBSD version, my initial
Linux hack and SGIs version.

	Christoph

-- 
Whip me.  Beat me.  Make me maintain AIX.


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

next prev parent reply	other threads:[~2001-01-11 17:50 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2001-01-11 14:44 SELinux & Linux-privs projects Jeffry Smith
2001-01-11 15:20 ` Stephen Smalley
2001-01-11 16:41   ` Huagang Xie
2001-01-11 16:46     ` [Linux-privs-discuss] " Christoph Hellwig
2001-01-11 15:45 ` [Linux-privs-discuss] " Christoph Hellwig
2001-01-11 16:04   ` Stephen Smalley
2001-01-11 16:16     ` Christoph Hellwig [this message]
2001-01-11 16:48       ` Stephen Smalley
2001-01-11 17:35         ` Casey Schaufler
2001-01-11 18:31           ` Stephen Smalley
2001-01-11 18:56             ` (offtopic) " Andrew Morgan
2001-01-11 18:59             ` Christoph Hellwig
2001-01-11 20:54               ` Stephen Smalley
2001-01-12  0:25             ` [Linux-privs-discuss] " Casey Schaufler
2001-01-11 16:59       ` Stephen Smalley
2001-01-23 16:13         ` Robert Watson
  -- strict thread matches above, loose matches on Subject: below --
2001-01-11 23:10 Jesse Pollard
2001-01-12 21:31 ` LA Walsh
2001-01-12 23:02 Jesse Pollard
2001-01-12 23:36 ` LA Walsh
     [not found] <01011220390900.30390@tabby>
2001-01-16 20:15 ` LA Walsh
2001-01-16 22:00 Jesse Pollard
2001-01-17  0:30 ` LA Walsh
2001-01-17 15:22 Jesse Pollard

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20010111171602.B5816@caldera.de \
    --to=hch@ns.caldera.de \
    --cc=linux-privs-discuss@sourceforge.net \
    --cc=sds@tislabs.com \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.