Re: SELinux Coloring book?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/13/2013 12:35 PM, Dominick Grift wrote:
> On Wed, 2013-11-13 at 11:13 -0600, Bruno Wolff III wrote:
>> On Wed, Nov 13, 2013 at 17:10:43 +0000, Tony Scully
>> <tonyjscully@xxxxxxxxx> wrote:
>>> That's excellent!
>> 
>> The mls case might have been overly simplified. It didn't cover writing,
>>  where the dominance goes in the other direction. People might be
>> incorrectly left with the impression the top secret can do everything
>> that secret can do. --
> 
> I agree with you on the danger of oversimplification in generel with regard
> to explaining SELinux
> 
> This is also why i find it sub-optimal to leave the two other default 
> security models out of the equation (RBAC/IBAC)
> 
> It is mentioned in the article that SELinux complements Linux security, by
> briefly touching on IBAC one would clarify at least to some degree how
> SELinux associates with Linux security
> 
> RBAC by itself is worth mentioning in my view, if only to have touched on
> each security attribute in a security context tuple.
> 
> The idea of the illustrated article is nice, but the article is not 
> comprehensive.
> 
> Granted, there are constraints. You cannot simply publish a three page 
> article on a medium like this i suspect
> 
> 
> 
Maybe a followup that describes RBAC.  Not sure how the analogy would work
though.

Suggestions welcome.

Dog Role, See Eye Dog Role, Rescue Dog Role.

RBAC is always hard to describe especially when you start defining SELinux Users.

Login User -> SELinux User -> roles -> Types.

The Russian dolls model is the best I have come up with.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlKDwH0ACgkQrlYvE4MpobOmDACgnwBUbk7Vg1DwpkGTO8SenHLD
dFwAoOmzqZ+sfFVRkHH4r+hbxS8x1sgK
=ge9w
-----END PGP SIGNATURE-----
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux