On Thu, Sep 21, 2006 at 05:01:10PM +0200, Salvo Giuffrida wrote:
> >From: Stephen Smalley <sds@xxxxxxxxxxxxx>
> >Mandatory access control implies a bit more than just admin-only policy
> >(otherwise AppArmor would qualify, as would many other things). In
> >particular, we identify three properties for MAC:
> >- complete mediation (control over all processes and objects),
> Isn't there complete control also on standard Linux with DAC? What are
> things not controlled? Virtual filesystems?

The "Discretionary" in DAC means that a user has the right to give
anyone read or write access to his files. MAC doesn't permit that;
certain accesses are forbidden by the admin-controlled policy no matter
what the user wants. This way, MAC offers protections against trojan
horses and other malicious code that's running with a user's privileges.

You may want to read the book "Building a Secure Computer System" by
Morrie Gasser, which is a bit old but has an excellent introduction to
this:
http://nucia.ist.unomaha.edu/library/gasserbook.pdf

> >- complete and accurate basis for security decisions (decisions based on
> >all security relevant information, and accurately reflecting the
> >security properties of the process and object),
> Security relevant information, such as? Level of confidentiality, role,
> and...?

Type (SELinux uses Type Enforcement (TE) in addition to MLS and to
support RBAC)

The "accurate" part is a dig at AppArmor which is path based, as opposed
to the file labels which are directly associated with objects. Each has
advantages and disadvantages, check the LKML "LSM" flamewar for
additional background information.

-Klaus

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
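The contrast drawn in the message above between a path-based decision and a label attached to the object, as a toy model. This is an added example, not part of the original thread and not AppArmor or SELinux code; the rule tables, label names and directory layout are constructed, and the in-memory label store stands in for a per-inode attribute such as the `security.selinux` xattr.

```python
import os
import tempfile

# Constructed path-based policy: top-level directory -> may the confined reader read?
PATH_RULES = {"public": True, "private": False}
# Constructed type-enforcement rule: object types the confined reader may read.
READABLE_TYPES = {"public_t"}

def path_decision(path, root):
    """Path-based model: decide from the name used at access time."""
    top = os.path.relpath(path, root).split(os.sep)[0]
    return PATH_RULES.get(top, False)

class LabelStore:
    """Stand-in for a label stored with the inode (assumption of this example)."""
    def __init__(self):
        self._labels = {}

    def _key(self, path):
        st = os.stat(path)
        return (st.st_dev, st.st_ino)  # identifies the object, not its name

    def set(self, path, label):
        self._labels[self._key(path)] = label

    def get(self, path):
        return self._labels.get(self._key(path), "unlabeled_t")

def label_decision(path, store):
    """Label-based model: decide from the label attached to the object."""
    return store.get(path) in READABLE_TYPES

def demo():
    """Return (path, label) decisions before and after the file is renamed."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("public", "private"):
            os.mkdir(os.path.join(root, d))
        old = os.path.join(root, "private", "report.txt")
        with open(old, "w") as fh:
            fh.write("constructed sample data\n")
        store = LabelStore()
        store.set(old, "private_t")
        before = (path_decision(old, root), label_decision(old, store))
        new = os.path.join(root, "public", "report.txt")
        os.rename(old, new)  # same inode, new name
        after = (path_decision(new, root), label_decision(new, store))
        return before, after

if __name__ == "__main__":
    print(demo())
```

The label follows the inode across the rename while the path-derived answer changes with the name, which cuts both ways: the label-based decision stays tied to the object, but a file moved on purpose keeps its old label until someone relabels it.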