SElinux

David Collier-Brown davec-b-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org
Mon Aug 18 19:24:23 UTC 2014


To get picky, it was written to prevent breaches of confidentiality, in
part so that a sysadmin couldn't just copy everything to a thumb drive
and walk away. 

Because of that, it can protect against a program I run from either
snooping on or providing bad data to others, and as a side-effect, keep
it from getting more permissions than it minimally needs.

Rogue users can be walled off from people, but on Linux, that's been a
lower priority than rogue programs.

--dave
[Double irony: NSA software that helps stop snooping, /and/ it's
software they don't use themselves, to stop snooping by insiders]


On 08/18/2014 10:19 AM, Bill Thanis wrote:
> There are two very different types of security. The first is security
> from humans, i.e. the two examples you gave. The second is security from
> malicious or error-filled programs.
>
> SELINUX is mostly about protecting one group of system resources
> (files) from processes that could cause it problems.
>
> Bill
>
>
>
> On Fri, Aug 15, 2014 at 11:11 PM, Howard Gibson <hgibson-MwcKTmeKVNQ at public.gmane.org> wrote:
>
>        On my home computer and laptops, SElinux is a pain in the butt.
>
>        Who is protected by SElinux?  Does it protect the system from
>     rogue users, or does it protect from external crackers?
>
>     --
>     Howard Gibson
>     hgibson-MwcKTmeKVNQ at public.gmane.org
>     howard.gibson-PadmjKOQAFnQT0dZR+AlfA at public.gmane.org
>     jhowardgibson-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
>     http://home.eol.ca/~hgibson


-- 
David Collier-Brown,         | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
davecb-0XdUWXLQalXR7s880joybQ at public.gmane.org           |                      -- Mark Twain
