On Oct 7, 2004, at 18:40, David Hollis wrote:
Not to put SELinux in bad company, but the level of security provided by
SELinux is very similar to what is provided by the Windows NT/XP
security system and that doesn't seem to bother people too much. Of
course, MS essentially turns it off to prevent that!
That's esentially wrong. Windows does support Discretionary Access Control which, althogh it's a little bit more advanced than UNIX DAC, it's not Mandatory Access Control. Don't get confused: SELinux is Mandatory Access Control, while uid/gid/masks are Discretionary Access Control.
They are such different beasts: With DAC, permissions over resources are managed by their owners (root or users). In a MAC-based system, a policy governs how the system security behaves, and the policy is set up by an administrator and obeyed by everyone.
