On Fri, 2004-04-02 at 14:06, Dax Kelson wrote:
> Obviously the features that POSIX file ACLs provide are a subset of what
> SELinux provides.

No. POSIX ACLs are a form of DAC, just slightly finer-grained. SELinux provides MAC. They are orthogonal.

> I'm a fan of SELinux with its way to enforce the "correct behavior" of
> applications, but if you are just narrowly looking at a solution for
> granular file permissions, then POSIX file ACLs are all you need.

Not if you want to counter the classic limitations of DAC.

> I suppose in a SELinux environment, POSIX file ACLs are redundant and
> unneeded (except for the "default permissions" (ala a custom umask) for a
> directory feature).
> Speaking of which, how do SELinux file permissions interact with a
> directory that has a default ACL applied?

No, ACLs can still be useful for fine-grained DAC. Both the DAC (ACLs or otherwise) and MAC must approve each operation.

Why is DAC inadequate?
- Decisions are only based on user identity and ownership.
- There is no protection against flawed or malicious software.
- Each user has complete discretion over his own objects.
- There are typically only two major categories of users: administrators or others.
- Many system services and privileged programs must run with coarse-grained privileges or even full administrator access.

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
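
Added example, not part of the original message: a toy Python model of the rule stated above that both DAC and MAC must approve each operation. The ACL check follows the evaluation order in acl(5); the class names, labels and policy table are constructed for illustration and are not SELinux or kernel code.

```python
from dataclasses import dataclass, field

@dataclass
class File:
    owner: str
    group: str
    owner_perms: set          # ACL_USER_OBJ
    group_perms: set          # ACL_GROUP_OBJ
    other_perms: set          # ACL_OTHER
    setype: str               # MAC label (type) on the object
    named_users: dict = field(default_factory=dict)   # ACL_USER entries
    named_groups: dict = field(default_factory=dict)  # ACL_GROUP entries
    mask: set = None          # ACL_MASK, caps named-user and group entries

@dataclass
class Process:
    user: str
    groups: set
    domain: str               # MAC label (type) on the subject

def dac_allows(p, f, want):
    """POSIX ACL check order: owner, named user, matching groups, other."""
    mask = f.mask if f.mask is not None else {"r", "w", "x"}
    if p.user == f.owner:
        return want <= f.owner_perms
    if p.user in f.named_users:
        return want <= (f.named_users[p.user] & mask)
    matched = [f.group_perms] if f.group in p.groups else []
    matched += [perms for g, perms in f.named_groups.items() if g in p.groups]
    if matched:
        return any(want <= (perms & mask) for perms in matched)
    return want <= f.other_perms

def mac_allows(policy, p, f, want):
    """Type-enforcement style lookup: anything not explicitly allowed is denied."""
    return want <= policy.get((p.domain, f.setype), set())

def access(policy, p, f, want):
    # Both layers must approve; neither can override a denial by the other.
    return dac_allows(p, f, want) and mac_allows(policy, p, f, want)

# Constructed sample: alice grants bob access with a named-user ACL entry.
report = File("alice", "staff", {"r", "w"}, {"r"}, set(), "user_home_t",
              named_users={"bob": {"r", "w"}}, mask={"r"})
policy = {("user_t", "user_home_t"): {"r", "w"}}   # no rule for httpd_t
bob_shell = Process("bob", {"users"}, "user_t")
bob_daemon = Process("bob", {"users"}, "httpd_t")  # same user, confined program
```

In this model the ACL lets bob read the file from either process, but the daemon domain is denied because the policy has no rule for it, which is the protection against flawed software that identity-based DAC alone cannot give.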