Discussion:
[OLPC Security] Why not SELinux?
Michael Stone
2008-01-28 05:33:34 UTC
Blake,

Questions like this are best addressed to the security mailing list:

security at lists.laptop.org

However, the brief answer is:

* selinux appears to me to be more expensive to use than the path I've
pursued so far because it seems both enormously complicated and
sparsely documented.

* no selinux advocates have been able to explain to me, in detail, how
I can use it to solve the problems that I want to solve. They
typically point to run-time policy generation as the way forward
while neglecting to address the issues that

- user-land policy servers are an active research topic and

- selinux's policy configuration language and APIs are rather
ad-hoc.

* relatively few programmers know how to reason about or work in
selinux-controlled environments compared to the number who can work
happily with Unix discretionary access control.

This being said, I've spent some time in recent weeks reading about
selinux so that I'm better informed of its capabilities. If someone
makes a persuasive argument to me that I can use it to fulfill my goals
at less cost than the path I'm currently pursuing, then I'll be all ears.

Michael
Hi Mike,
I was wondering why you didn't pick SELinux for the OLPC's activities
and activity instances. Is it that you will eventually have Rainbow set
up individualized security contexts for each instance, or that Rainbow
and SELinux solve different problems? If you don't know much about
SELinux, I'll do the reading on my own, but if you know about it I'd
rather hear about it from you.
--Blake.