Message-ID: <283f5df10607181618q47bff969tbef9476c325d9f14@mail.gmail.com>
Date: Tue, 18 Jul 2006 19:18:44 -0400
From: "LiteStar numnums"
To: "Fans of the OS Plan 9 from Bell Labs" <9fans@cse.psu.edu>
Subject: Re: Re: [9fans] if you're looking for some fun, check out selinux ...
In-Reply-To: <3e1162e60607181331x305a1b52od825beb247a4918b@mail.gmail.com>
References: <44BD2FF2.9050703@lanl.gov> <3e1162e60607181311j45ada14ax38591b706cb2c1bd@mail.gmail.com> <44BD4187.2090204@lanl.gov> <3e1162e60607181331x305a1b52od825beb247a4918b@mail.gmail.com>

You all seem to forget that this is a merging of anal retentive technologies from a US government bureaucracy and the anarchy of 'Linux', which is not really a single anything except a tree with lots and lots of code. This is the same US government (although not the same bureaucracy) that unleashed NIEM (niem.gov) onto the world, XML with no less than NINE NAMESPACES, which is supposed to be used for critical (read: things like 'Oh, the levees may have been breached') data...
On a lighter note, I've always been happy with TrustedBSD & TrustedSolaris, or OpenVMS ;-)

On 7/18/06, David Leimbach <leimy2k@gmail.com> wrote:
> On 7/18/06, Ronald G Minnich <rminnich@lanl.gov> wrote:
> > David Leimbach wrote:
> >
> > > It (SELINUX) was easily turned off with a switch in a conf file, but
> > > it's such a pain in the ass, I don't know why it's in a "FC" style
> > > distribution at all.
> >
> > The bigger question, which I can't quite figure out yet, is does selinux
> > provide some magic dust that in turn provides a level of security not
> > attainable any other way (i.e. in something like Plan 9) ... or, is it a
> > set of hacks to cover for an obsolete way of doing things. I am tending
> > toward thinking the latter, now that I've worked with it a bit. Watch
> > the discussions on labeling files, it's interesting, because the label
> > namespace seems to be fragmenting already.
> >
> > ron
> >
>
> It's very clearly add-on technology to make up for something people
> felt was unmanageable in Unix.  However do we really need both ACLs
> and SELINUX contexts?  Do our files really need to have named hidden
> data to store this crap in?
>
> I've honestly not read any papers justifying the need for ACLs or
> SELINUX controls.
>
> I suddenly miss DOS.
>
> Dave



--
Lead thou me on, O Zeus, and Destiny,
To that goal long ago to me assigned.
I'll follow and not falter; if my will
Prove weak and craven, still I'll follow on.
-- Epictetus

He who enters his wife's dressing room is a philosopher or a fool. -- Balzac