[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Alternative user management approach

To: selinux@xxxxxxxxxxxxx
Subject: Re: Alternative user management approach
From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Date: Fri, 24 Jun 2005 15:52:16 -0700 (PDT)
In-reply-to: <200506242211.j5OMBUA5012667@xxxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-selinux@xxxxxxxxxxxxx

--- Valdis.Kletnieks@xxxxxx wrote:

> And for the most part, yes DAC is sufficient - but
> there's a few things I'd
> like to apply at the MAC level using constraints. 
> I'd much rather have one
> user_u with 20-30 locally added ($u1 != $u2)
> constraints than have to drag
> around user1_u..user1000_u with corresponding
> ruleset explosion....

I'm probably missing something, but it looks to
me like the user seperation issue is handled quite
nicely by a well implemented B&L category set.
There are may places using MLS systems in that 
way today.

Casey Schaufler
casey@xxxxxxxxxxxxxxxx

____________________________________________________ 
Yahoo! Sports 
Rekindle the Rivalries. Sign up for Fantasy Football 
http://football.fantasysports.yahoo.com

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

Follow-Ups:
- Re: Alternative user management approach
  - From: Daniel J Walsh

References:
- Re: Alternative user management approach
  - From: Valdis . Kletnieks

Prev by Date: Re: Alternative user management approach
Next by Date: Re: Alternative user management approach
Previous by thread: Re: Alternative user management approach
Next by thread: Re: Alternative user management approach
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.