Naming convention flames
Stephen Smalley
sds at epoch.ncsc.mil
Fri Apr 2 19:24:31 UTC 2004

On Fri, 2004-04-02 at 14:06, Dax Kelson wrote:
> Obviously the features that POSIX file ACLs provide are a subset of what
> SELinux provides.

No. POSIX ACLs are a form of DAC, just slightly finer-grained. SELinux
provides MAC. They are orthogonal.

> I'm a fan of SELinux with its way to enforce the "correct behavior" of
> applications, but if you are just narrowly looking at a solution for
> granular file permissions, then POSIX file ACLs are all you need.

Not if you want to counter the classic limitations of DAC.

> I suppose in a SELinux environment, POSIX file ACLs are redundant and
> unneeded (except for the "default permissions" (ala a custom umask) for a
> directory feature).
> Speaking of which, how does SELinux file permissions interact with a
> directory that has a default ACL applied?

No, ACLs can still be useful for fine-grained DAC. Both the DAC (ACLs
or otherwise) and MAC must approve each operation.

Why is DAC inadequate?
- Decisions are only based on user identity and ownership.
- There is no protection against flawed or malicious software.
- Each user has complete discretion over his own objects.
- There are typically only two major categories of users:
  administrators or others.
- Many system services and privileged programs must run with
  coarse-grained privileges or even full administrator access.

--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
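
Added example, not part of the original message and not SELinux or kernel code: a simplified Python model of the rule stated above, that both the DAC check (here a POSIX ACL) and the MAC check (here a type-enforcement allow rule) must approve an operation. The users, groups, type names (editor_t, browser_t, user_doc_t) and the rule table are constructed for illustration.

```python
# Added example: simplified model, not SELinux or kernel code.
# Users, groups, type names and rules are constructed for illustration.
TE_PERM = {"r": "read", "w": "write", "x": "execute"}

def dac_allows(acl, uid, gids, perm):
    """POSIX ACL check order: owner, named users, groups, then other."""
    if uid == acl["owner"]:
        return perm in acl["user_obj"]
    mask = acl.get("mask", "rwx")  # mask caps named-user and group entries
    if uid in acl.get("users", {}):
        return perm in acl["users"][uid] and perm in mask
    groups = {acl["group"]: acl["group_obj"], **acl.get("groups", {})}
    matched = [p for g, p in groups.items() if g in gids]
    if matched:  # a matching group without the bit denies; "other" is not tried
        return any(perm in p for p in matched) and perm in mask
    return perm in acl["other"]

def mac_allows(rules, source_type, target_type, tclass, perm):
    """Type enforcement: denied unless an allow rule lists the permission."""
    return perm in rules.get((source_type, target_type, tclass), set())

def access_allowed(acl, rules, proc, obj_type, perm):
    """Both DAC and MAC must approve the operation."""
    dac = dac_allows(acl, proc["uid"], proc["gids"], perm)
    mac = mac_allows(rules, proc["type"], obj_type, "file", TE_PERM[perm])
    return dac and mac

# Constructed sample: alice's file with an ACL entry for bob and mask r--.
ACL = {"owner": "alice", "user_obj": "rw", "group": "staff", "group_obj": "r",
       "users": {"bob": "rw"}, "mask": "r", "other": ""}
RULES = {("editor_t", "user_doc_t", "file"): {"read", "write"}}

def demo():
    alice_editor = {"uid": "alice", "gids": {"alice"}, "type": "editor_t"}
    alice_browser = {"uid": "alice", "gids": {"alice"}, "type": "browser_t"}
    bob_editor = {"uid": "bob", "gids": {"staff"}, "type": "editor_t"}
    return {
        "owner, allowed domain": access_allowed(ACL, RULES, alice_editor, "user_doc_t", "w"),
        "owner, other domain": access_allowed(ACL, RULES, alice_browser, "user_doc_t", "r"),
        "bob write (masked)": access_allowed(ACL, RULES, bob_editor, "user_doc_t", "w"),
        "bob read": access_allowed(ACL, RULES, bob_editor, "user_doc_t", "r"),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(case, "->", "allow" if ok else "deny")
```

The "owner, other domain" case is the one DAC alone cannot express: the process runs as the file's owner, so the ACL approves it, and only the missing allow rule for its domain denies the read.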