Quoting Stephen Smalley ([EMAIL PROTECTED]):
> On Wed, 2007-06-20 at 10:46 -0700, Chris Wright wrote:
> > [folks, this is getting much too long-winded to stay a private thread]
> <snip>

Sorry, I haven't gotten a copy of your email which Stephen is replying to, Chris. Who should we include? lsm, lkml, or both? I'm CC:ing lsm right now, though most of the original context has unfortunately been lost.

> > mainline MAC meaning basically SELinux. IOW, while LIDS and Apparmor
> > had/have models for handling capabilities (don't recall if it was grant
> > or restrict only), SELinux is just now talking about doing something
> > like this, but nothing is upstream and in wide distribution.

Not upstream and not in wide distribution only because of concerns with turning selinux off. I personally have little doubt those concerns will be quickly worked around, be it by having the selinux labeling tools also add some posix file caps (unlikely :) for when selinux is turned off, or, more likely, by having a capability-only policy which can be switched to instead of turning selinux off, or by just mounting drives with nosuid rather than by actually removing the suid bits from programs, or yet some other means. So I would actually expect the selinux capability to be upstream pretty quickly.

> Just for clarification: AppArmor and current SELinux are purely
> restrictive (i.e. further limit what a process can do, but don't allow
> it to do anything it wasn't allowed to do by the base DAC+capability
> logic). LIDS is authoritative (which did lead to a vulnerability, but
> that had more to do with weak separation and incomplete controls than
> anything else). The proposed SELinux extension would enable SELinux to
> optionally (and selectively) be used authoritatively, but only if people
> configure it in that manner, and in a way that is pretty easy to check
> by auditors.

-serge
