[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: dumb newbie questions

To: gyurdiev@xxxxxxxxxx
Subject: Re: dumb newbie questions
From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Date: Mon, 20 Jun 2005 12:28:32 -0400
Cc: SELinux@xxxxxxxxxxxxx, "R. Steven Rainwater" <srainwater@xxxxxxx>
In-reply-to: <1119280474.2766.9.camel@xxxxxxxxxxxxxxxxxxxxxxxxx>
Organization: National Security Agency
References: <20050619164015.15419.qmail@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <1119210718.17213.6.camel@xxxxxxxxxxxxxxxxxxxxx> <1119213695.17213.29.camel@xxxxxxxxxxxxxxxxxxxxx> <1119238487.5253.23.camel@xxxxxxxxxxxxxxxxxxxxx> <200506200445.j5K4jbRc007280@xxxxxxxxxxxxxxxxxxxxxxx> <1119278717.30000.10.camel@xxxxxxxxxxxxx> <1119280474.2766.9.camel@xxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-selinux@xxxxxxxxxxxxx

On Mon, 2005-06-20 at 11:14 -0400, Ivan Gyurdiev wrote: 
> SELinux is not supposed to be transparent. 
> That was my misunderstanding when I first encountered it,
> and I have accepted this requirement since then. 

Hmmm...well, SELinux is designed to provide transparency as much as
possible (e.g. it allows default domain transitions and file type
transitions to reduce the need to modify applications, and the ability
to configure policy means that you get to choose where to make
functionality vs. security tradeoffs).

> If you are interested in the extra security offered, then
> you have to put in some extra effort in making your
> applications run on top of this system. Hopefully as
> the policy becomes more mature, this will be less
> of an issue.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

References:
- Re: dumb newbie questions
  - From: Casey Schaufler
- Re: dumb newbie questions
  - From: Ivan Gyurdiev
- Re: dumb newbie questions
  - From: Ivan Gyurdiev
- Re: dumb newbie questions
  - From: R. Steven Rainwater
- Re: dumb newbie questions
  - From: Valdis . Kletnieks
- Re: dumb newbie questions
  - From: R. Steven Rainwater
- Re: dumb newbie questions
  - From: Ivan Gyurdiev

Prev by Date: Re: dumb newbie questions
Next by Date: Re: dumb newbie questions
Previous by thread: Re: dumb newbie questions
Next by thread: Re: dumb newbie questions
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.