<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">To get picky, it was written to prevent
breaches of confidentiality, in part so that a sysadmin couldn't
just copy everything to a thumb drive and walk away. <br>
<br>
Because of that, it can protect against a program I run from
either snooping on or providing bad data to others, and as a
side-effect, keep it from getting more permissions that it
minimally needs.<br>
<br>
Rogue users can be walled off from people, but on Linux, that's
been a lower priority than rogue programs. <br>
<br>
--dave<br>
[Double irony: NSA software that helps stop snooping, <i>and</i>
it's software they don't use themselves, to stop snooping by
insiders]<br>
<br>
<br>
On 08/18/2014 10:19 AM, Bill Thanis wrote:<br>
</div>
<blockquote
cite="mid:CAA3RLT6KMfBZH7GOEzr9OUnLbPidrfa4bUmPxmY9LBFTGzDp3w-JsoAwUIsXov1KXRcyAk9cg@public.gmane.orgl.com"
type="cite">
<div dir="ltr">
<div>
<div>There are two very different types of security. The first
is security from humans, ie the two examples you gave. The
second is security from malicious or error filled programs.<br>
<br>
</div>
SELINUX is mostly about protecting one group of system
resources (files) from processes that could cause it problems.<br>
<br>
</div>
Bill<br>
<br>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Fri, Aug 15, 2014 at 11:11 PM,
Howard Gibson <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:hgibson-MwcKTmeKVNQ@public.gmane.org" target="_blank">hgibson@eol.ca</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex"> On my
home computer and laptops, SElinux is a pain in the butt.<br>
<br>
Who is protected by SElinux? Does it protect the system
from rogue users, or does it protect from external crackers?<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Howard Gibson<br>
<a moz-do-not-send="true" href="mailto:hgibson-MwcKTmeKVNQ@public.gmane.org">hgibson-MwcKTmeKVNQ@public.gmane.org</a><br>
<a moz-do-not-send="true"
href="mailto:howard.gibson-PadmjKOQAFnQT0dZR+AlfA@public.gmane.org">howard.gibson@optech.com</a><br>
<a moz-do-not-send="true"
href="mailto:jhowardgibson-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org">jhowardgibson@gmail.com</a><br>
<a moz-do-not-send="true"
href="http://home.eol.ca/%7Ehgibson" target="_blank">http://home.eol.ca/~hgibson</a><br>
--<br>
The Toronto Linux Users Group. Meetings: <a
moz-do-not-send="true" href="http://gtalug.org/"
target="_blank">http://gtalug.org/</a><br>
TLUG requests: Linux topics, No HTML, wrap text below 80
columns<br>
How to UNSUBSCRIBE: <a moz-do-not-send="true"
href="http://gtalug.org/wiki/Mailing_lists"
target="_blank">http://gtalug.org/wiki/Mailing_lists</a><br>
</font></span></blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
David Collier-Brown, | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
<a class="moz-txt-link-abbreviated" href="mailto:davecb-0XdUWXLQalXR7s880joybQ@public.gmane.org">davecb-0XdUWXLQalXR7s880joybQ@public.gmane.org</a> | -- Mark Twain
</pre>
</body>
</html>