Re: SELinux - way of the future or good idea but !!!




On Sunday 28 November 2010 22:40:41 brett mm wrote:
> > This is where, as a sysadmin, you need to invest just a little time and
> > effort learning the system. Honestly, the vast majority of issues are
> > trivial to solve if you just spend a few hours reading the docs/guides,
> > and even if you really can't be bothered there are kind folks on this
> > list (and others) that will likely solve your issues for you. How is
> > that not worth the extra security SELinux affords?
> 
> In reality, I am not at all sure that a quantum leap in complexity
> adds to security at all. Any proper use of old-school group
> permissions can give as finely-grained a security policy as you would
> like.

No, you're wrong --- SELinux exists precisely because the old-school 
permissions system is *not* fine-grained enough. That's why SELinux was 
actually invented, to introduce a more fine-grained control over access.

I am too lazy to search now, but I remember seeing a couple of typical counter-
examples, where the usual permissions system is completely incapable of 
implementing the level of access control that SELinux gives you. If you do a 
clever Google search I am sure you can find some examples of this.

HTH, :-)
Marko

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

