From: Stephen Smalley <sds <at> tycho.nsa.gov>
Subject: Re: [RFC][PATCH 0/11] security: AppArmor - Overview
Newsgroups: gmane.linux.kernel.lsm
Date: Tuesday 25th April 2006 17:29:54 UTC (over 11 years ago)
On Tue, 2006-04-25 at 09:00 -0700, Casey Schaufler wrote:
> The underlying mechanisms are more complex than
> Bell & LaPadula MAC + Biba Integrity + POSIX Caps.

Until one also considers the set of trusted subjects in systems that
rely on such models.  That's the point.  Those subjects are free to
violate the "simple" models, at which point any analysis of the
effective policy of the system has to include them as well.  SELinux/TE
just makes the real situation explicit in the policy, and enables you to
tailor the policy to the real needs of applications while still being
able to analyze the result.

> I am not trying to knock SELinux (too hard) in
> this discussion. I do want to point out that many
> of the arguments being used against alternatives
> apply to SELinux as well. I do not understand why
> SELinux developers feel so threatened by alternatives.

We're not threatened by alternatives.  We're concerned about a
technically unsound approach.  The arguments being raised against
pathname-based access control are about the soundness of that technical
approach, not whether there should be any alternatives to SELinux.

-- 
Stephen Smalley
National Security Agency
