A few questions
Salvo Giuffrida
giuffsalvo at hotmail.it
Thu Sep 21 15:01:10 UTC 2006
>From: Stephen Smalley <sds at tycho.nsa.gov>
>To: "Christopher J. PeBenito" <cpebenito at tresys.com>
>CC: Salvo Giuffrida <giuffsalvo at hotmail.it>, fedora-selinux-list at redhat.com
>Subject: Re: A few questions
>Date: Thu, 21 Sep 2006 10:53:53 -0400
>
>On Thu, 2006-09-21 at 10:15 -0400, Christopher J. PeBenito wrote:
> > On Thu, 2006-09-21 at 15:07 +0200, Salvo Giuffrida wrote:
> > > - What makes the access control of SELinux "mandatory"? The fact that
>normal
> > > users can't change the security policy?
> >
> > Yes. Policy only is set by the admin.
>
>Mandatory access control implies a bit more than just admin-only policy
>(otherwise AppArmor would qualify, as would many other things). In
>particular, we identify three properties for MAC:
>- complete mediation (control over all processes and objects),
Isn't there complete control also on standard Linux with DAC? What are
things not controlled? Virtual filesystems?
>- complete and accurate basis for security decisions (decisions based on
>all security relevant information, and accurately reflecting the
>security properties of the process and object),
Security relevant information, such as? Level of confidentiality, role,
and...?
Do you know a repository for Fedore where I can find the source rpms for the
targeted and/or the strict policy?
Thanks
>- administrator-defined policy.
>
>--
>Stephen Smalley
>National Security Agency
>
_________________________________________________________________
Ricerche online più semplici e veloci con MSN Toolbar!
http://toolbar.msn.it/
More information about the fedora-selinux-list
mailing list