Re: SELinux - way of the future or good idea but !!!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Tuesday, November 30, 2010 05:12:17 am John Doe wrote:
> From: Les Mikesell <lesmikesell@xxxxxxxxx>
> > why are you  putting blind faith in the SELinux code?
> Because it comes from the NSA!
> The backdoor experts... ;P

Also the SCIF experts. 

SCIFs are used by people other than intelligence agencies and in areas other than intelligence; HIPAA compliance, for instance.  The wikipedia article is a good read.

In other words, SELinux embodies the SCI 'need to know' paradigm in-kernel: the process's uid might have the clearance to access a piece of data, but if it doesn't have a need to access it shouldn't be allowed to access it.  And perhaps it can access, but not modify.  Perhaps it needs monitoring by other processes in order to access.  Etc.  SELinux gives the tools to allow the decoupling of 'cleared to know' with 'need to know.'
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux