On Wed, 01 Jun 2005 23:29:59 BST, Mike Hearn said:

> At the moment the focus seems to be on totally centralised policy for
> everything the user might want to run (or be secured) ... I can't see this
> scaling as SELinux enters the mainstream.

Well, technically, if it isn't centralized, you don't have a prayer of any *real* enforcement. There's days when I think that Casey is right, and even the *current* strict scheme isn't centralized and top-down design enough.

The average user can't write policy, and can't evaluate policy - and neither can the average developer. Quite frankly, most of the time I'm ecstatic if I can get a user or developer to state a coherent and realistic threat model. As a result, it will be a *long* time before we can realistically support any model other than telling developers to ask for help on the mailing list. Hopefully with the binary-policy stuff, at least the "how to deploy the pieces" part will become easier.

There's additional good security reasons for the current model - the centralized policy is driven out of a centralized development tree, and the current open review structure both ensures double-checks and honesty among all concerned. It's hopefully pretty hard to sneak a backdoor (intentional or accidental) in when Dan Walsh, Russell Coker, and Stephen Smalley are all cross-checking each other - and everybody and their pet llama are sniping from the sidelines on this list :)

On the other hand, there's no particular reason for anybody to trust a policy shipped with MobyFrobozz 0.9.4 if it hasn't been vetted by somebody.

(Aside to the RedHat/Fedora developers - I *like* the description Chris PeBenito gave of how Gentoo is packaging it - he gave the example of 'ntp' having a pre-req of 'selinux-ntp'. Having the "owners" of the two packages be different people would address most of the issues this sort of thing causes....)

And quite frankly, we're not 100% of the way to understanding how to even do a totally centralized policy - trying to expand out to other stuff might be foolhardy.
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list