On Thu, 2006-09-21 at 10:15 -0400, Christopher J. PeBenito wrote: > On Thu, 2006-09-21 at 15:07 +0200, Salvo Giuffrida wrote: > > - What makes the access control of SELinux "mandatory"? The fact that normal > > users can't change the security policy? > > Yes. Policy only is set by the admin. Mandatory access control implies a bit more than just admin-only policy (otherwise AppArmor would qualify, as would many other things). In particular, we identify three properties for MAC: - complete mediation (control over all processes and objects), - complete and accurate basis for security decisions (decisions based on all security relevant information, and accurately reflecting the security properties of the process and object), - administrator-defined policy. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
