Re: Re: [9fans] if you're looking for some fun, check out selinux ...

9fans - fans of the OS Plan 9 from Bell Labs
 help / color / mirror / Atom feed

From: "David Leimbach" <leimy2k@gmail.com>
To: "Fans of the OS Plan 9 from Bell Labs" <9fans@cse.psu.edu>
Subject: Re: Re: [9fans] if you're looking for some fun, check out selinux ...
Date: Tue, 18 Jul 2006 13:31:36 -0700	[thread overview]
Message-ID: <3e1162e60607181331x305a1b52od825beb247a4918b@mail.gmail.com> (raw)
In-Reply-To: <44BD4187.2090204@lanl.gov>

On 7/18/06, Ronald G Minnich <rminnich@lanl.gov> wrote:
> David Leimbach wrote:
>
> > It (SELINUX) was easily turned off with a switch in a conf file, but
> > it's such a pain in the ass, I don't know why it's in a "FC" style
> > distribution at all.
>
> The bigger question, which I can't quite figure out yet, is does selinux
> provide some magic dust that in turn provides a level of security not
> attainable any other way (i.e. in something like Plan 9) ... or, is it a
> set of hacks to cover for an obsolete way of doing things. I am tending
> toward thinking the latter, now that I've worked with it a bit. Watch
> the discussions on labeling files, it's interesting, because the label
> namespace seems to be fragmenting already.
>
> ron
>

It's very clearly add-on technology to make up for something people
felt was unmanageable in Unix.  However do we really need both ACLs
and SELINUX contexts?  Do our files really need to have named hidden
data to store this crap in?

I've honestly not read any papers justifying the need for ACLs or
SELINUX controls.

I suddenly miss DOS.

Dave

next prev parent reply	other threads:[~2006-07-18 20:31 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-07-18 19:01 Ronald G Minnich
2006-07-18 20:11 ` David Leimbach
2006-07-18 20:16   ` Ronald G Minnich
2006-07-18 20:31     ` David Leimbach [this message]
2006-07-18 23:18       ` LiteStar numnums
2006-07-19  0:29         ` David Leimbach
2006-07-19  0:34           ` LiteStar numnums
2006-07-19  1:21             ` Re: Re: [9fans] if you're looking for some fun, Brantley Coile
2006-07-19  1:36               ` LiteStar numnums
2006-07-19  2:37               ` Skip Tavakkolian
2006-07-19  4:37               ` cej
2006-07-19 15:50                 ` LiteStar numnums
2006-07-18 20:21   ` [9fans] if you're looking for some fun, check out selinux jmk

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3e1162e60607181331x305a1b52od825beb247a4918b@mail.gmail.com \
    --to=leimy2k@gmail.com \
    --cc=9fans@cse.psu.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).