It is not that complex

Posted Sep 23, 2004 21:49 UTC (Thu) by erich (subscriber, #7127)
Parent article: An introduction to SELinux

It isn't that complex.
Granted, the tools could need a bit of polishing. For example when installing the initial policy, it will ask you for several dozens of files whether you want to install them. For example you will be asked if you want to install "bind.te" and "bind.fc" (type enforcements and file contexts).
For most apps, such files have been written and work.

The more applications you run, the more rule sets you'll have to write on your own. Well, not totally on your own. There are a dozen macros which will do most of what you need. So you end up writing single-liners which could be translated to English as "allow application foo to read files of type foo_static_data".

Hell, this is not that complex. A real MAC approach can't get much easier.
It's just the syntax that sucks. But I guess if they had used Perl macros to generate the config files a different part of the users would complain.

(And you are free to use different tools to generate your rule files)


It is not that complex

Posted Sep 23, 2004 22:14 UTC (Thu) by walters (subscriber, #7396)

Granted, the tools could need a bit of polishing. For example when installing the initial policy, it will ask you for several dozens of files whether you want to install them.

I spent a while trying to fix that while I was still working on SELinux for Debian. Russell never had time to look at it, but it'd be cool if you could pick it up again. I think the code is still in the ancient versions of my Debian policy packages.