public inbox for linux-kernel@vger.kernel.org
From: Alan Cox <alan@lxorguk.ukuu.org.uk>
To: RazorBlu <razorblu@gmail.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: ACLs
Date: Sun, 06 Aug 2006 02:23:38 +0100
Message-ID: <1154827418.10971.84.camel@localhost.localdomain>
In-Reply-To: <44D4EB88.6050406@gmail.com>

On Sat, 2006-08-05 at 21:03 +0200, RazorBlu wrote:
> That is part of my point. The ACL system included with Linux (whether it 
> be the POSIX ACLs or SELinux) are too complex for use by most system 
> administrators, and so are overlooked. Actually, that last statement is 
> untrue - POSIX ACLs seem to be lacking slightly in functionality, and 
> SELinux is overly complicated (see a previous reply in which someone 
> else said that). AppArmor seems to be heading along the right tracks, 

It depends what you are trying to achieve. 

> policy for a service. However, it probably won't be included in the 
> kernel, especially in the near future (SELinux, which is associated with 
> the NSA, is already there - why add another one, even if it is more 
> advanced?)

I think the consensus if anything was more to adding AppArmor once it is
cleaned up than not. It's far more primitive than SELinux and has a very
basic security model but it can be easier to configure some basic setups
with it which makes it useful to some people.

The LSM means the kernel doesn't have to have an opinion any more than
it has to define your choice of file system.

> Because SELinux is too complicated to be used effectively by most system 
> administrators - that's why.

That's why vendors ship policies. Firewalling has the same problem.

Alan

