Re: difference between ACLs and SElinux

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Casey Schaufler <casey@schaufler-ca.com>
To: Bernd Petrovitsch <bernd@petrovitsch.priv.at>
Cc: bharat dhaker <bharat4u.u@gmail.com>,
	linux-kernel@vger.kernel.org, kernelnewbies@kernelnewbies.org,
	"linux-security-module@vger.kernel.org" 
	<linux-security-module@vger.kernel.org>
Subject: Re: difference between ACLs and SElinux
Date: Mon, 13 Feb 2012 10:14:43 -0800	[thread overview]
Message-ID: <4F395313.5030704@schaufler-ca.com> (raw)
In-Reply-To: <1329124259.25984.304.camel@thorin>

On 2/13/2012 1:10 AM, Bernd Petrovitsch wrote:
> Hi!
>
> On Mon, 2012-02-13 at 14:30 +0530, bharat dhaker wrote:
> [...]
>> I want to know the differences between ACLs and SElinux.

The differences are many:

ACLs are an extension of the standard Linux Discretionary
Access Control (DAC) mechanism. SELinux is a supplemental
Mandatory Access Control (MAC) scheme.

ACLs are based on the withdrawn POSIX P1003.1e/2c DRAFT
Standard and reflects a rough consensus of the industries
Unix security experts of its day. SELinux started out as
the Flask micro-kernel security architecture.

ACLs are part of the base kernel, while SELinux is a
Linux Security Module.

>> Does anyone know
>> which file-systems supports SElinux?

It's really much more the other way around. SELinux
uses extended attributes (xattrs) and can take advantage
of any filesystem that supports them.

> Google knows;-)
>
> Actually you make a small partition for each filesystem and try it out.
>
> 	Bernd

     prev parent reply	other threads:[~2012-02-13 18:14 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-02-13  9:00 difference between ACLs and SElinux bharat dhaker
2012-02-13  9:10 ` Bernd Petrovitsch
2012-02-13  9:10   ` Bernd Petrovitsch
2012-02-13 18:14   ` Casey Schaufler [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4F395313.5030704@schaufler-ca.com \
    --to=casey@schaufler-ca.com \
    --cc=bernd@petrovitsch.priv.at \
    --cc=bharat4u.u@gmail.com \
    --cc=kernelnewbies@kernelnewbies.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.