From: Stephen Smalley <sds@xxxxxxxxxxxxx>
To: "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx>
CC: Salvo Giuffrida <giuffsalvo@xxxxxxxxxx>, fedora-selinux-list@xxxxxxxxxx
Subject: Re: A few questions
Date: Thu, 21 Sep 2006 10:53:53 -0400
On Thu, 2006-09-21 at 10:15 -0400, Christopher J. PeBenito wrote:
> On Thu, 2006-09-21 at 15:07 +0200, Salvo Giuffrida wrote:
> > - What makes the access control of SELinux "mandatory"? The fact that
normal
> > users can't change the security policy?
>
> Yes. Policy only is set by the admin.
Mandatory access control implies a bit more than just admin-only policy
(otherwise AppArmor would qualify, as would many other things). In
particular, we identify three properties for MAC:
- complete mediation (control over all processes and objects),
Isn't there complete control also on standard Linux with DAC? What are
things not controlled? Virtual filesystems?
- complete and accurate basis for security decisions (decisions based on
all security relevant information, and accurately reflecting the
security properties of the process and object),
Security relevant information, such as? Level of confidentiality, role,
and...?
Do you know a repository for Fedore where I can find the source rpms for the
targeted and/or the strict policy?
Thanks
- administrator-defined policy.
--
Stephen Smalley
National Security Agency
_________________________________________________________________
Ricerche online più semplici e veloci con MSN Toolbar!
http://toolbar.msn.it/
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
