On Thu, 2006-09-21 at 17:01 +0200, Salvo Giuffrida wrote: > Isn't there complete control also on standard Linux with DAC? No, there are entire object classes left uncontrolled by DAC (e.g. sockets), and there a quite a few operations that are not constrained by DAC. > Security relevant information, such as? Level of confidentiality, role, > and...? Yes, the role and clearance of the user, the function and trustworthiness of the program (and potentially the call chain leading to it), the sensitivity and integrity of the process and the data, etc. This is all fairly well covered in the background and papers on the nsa.gov/selinux site, http://www.nsa.gov/selinux/info/ http://www.nsa.gov/selinux/info/docs.cfm Not up to date, but useful in understanding. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
