From: Casey Schaufler <casey@schaufler-ca.com>
To: Daniel J Walsh <dwalsh@redhat.com>,
SELinux <selinux@tycho.nsa.gov>,
LSM <linux-security-module@vger.kernel.org>
Subject: Re: Some of our customers are looking to turn on SELinux but they also want to use CSP from Symantec
Date: Fri, 19 Dec 2014 09:59:05 -0800 [thread overview]
Message-ID: <54946769.4030107@schaufler-ca.com> (raw)
In-Reply-To: <54945543.7090706@redhat.com>
On 12/19/2014 8:41 AM, Daniel J Walsh wrote:
> Currently Symantec requires SELinux be disabled, claiming there is
> conflicts in the kernel modules.
>
> http://www.symantec.com/connect/forums/does-scsp-agent-support-selinux
Based on the fact they are also disparaging AppArmor and a couple of
out-of-tree security modules, and that SELinux=permissive is not sufficient
I'm assuming it's an out-of-tree security module.
>
> As the customer wants to take advantage of certain SELinux features
> like sVirt for VMs and Docker Containers, this conflict is coming to a head.
>
> Is anyone familiar with whether or not this is a real conflict or just
> something assumed by Symantec?
>
> The customer like Symantec's ability to do intrusion detection and
> remote logging and configuration of CSB.
>
> Bottom line the customer wants both.
It would help if someone from the SELinux community would comment on
the v18 concurrent security modules patches. Moving that work forward
is your best step toward getting what you need. Of course, v18 doesn't
get you all the way, but it gets closer.
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.
>
next prev parent reply other threads:[~2014-12-19 17:59 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-19 16:41 Some of our customers are looking to turn on SELinux but they also want to use CSP from Symantec Daniel J Walsh
2014-12-19 17:59 ` Casey Schaufler [this message]
2014-12-19 22:09 ` Paul Moore
2014-12-19 19:44 ` eric gisse
2014-12-19 19:54 ` Daniel J Walsh
2015-01-06 9:45 ` Miroslav Grepl
2015-01-06 13:53 ` Daniel J Walsh
2014-12-19 20:02 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54946769.4030107@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=dwalsh@redhat.com \
--cc=linux-security-module@vger.kernel.org \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.