
Filesystem Labeling in SELinux (Linux Journal)

Here's a Linux Journal article on how SELinux uses filesystem labels. "SELinux has hooks located at strategic points within the core kernel code, such as the point where a file is about to be read by a user. These hooks allow SELinux to break out of the normal flow of the kernel to request extended access control decisions. Access control decisions usually are made between a process (for example, cat) and an object (for example, /etc/shadow) for a specific permission (read)."
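The quoted passage describes an access decision as a triple of acting process, object and permission. The following is an added illustration, not code from the Linux Journal article or from the kernel: a toy evaluator for SELinux type-enforcement "allow" rules that makes the same kind of decision in user space. The policy text is constructed for the example (type names such as user_t, passwd_t and shadow_t follow reference-policy naming conventions but the rules are not copied from any distribution's policy), and the real kernel evaluates a compiled binary policy through its access vector cache rather than regex-matched source lines.

```python
import re
from dataclasses import dataclass

# Constructed sample policy in SELinux type-enforcement syntax (an assumption
# of this example, not a real distribution policy). user_t stands for the
# domain of an ordinary user's commands, passwd_t for the passwd program's
# domain, shadow_t for the label carried by /etc/shadow.
SAMPLE_POLICY = """
# an ordinary user's commands may read public config and run binaries
allow user_t etc_t:file { read getattr open };
allow user_t bin_t:file { read getattr open execute };
# only the passwd domain may touch the shadow file
allow passwd_t shadow_t:file { read write getattr open };
"""

# allow <source> <target>:<class> <perm | { perm ... }>;
RULE_RE = re.compile(r"^allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+(\{[^}]*\}|\w+)\s*;$")


@dataclass(frozen=True)
class AllowRule:
    source: str        # domain of the acting process (e.g. the domain cat runs in)
    target: str        # type of the object being accessed (e.g. the label on /etc/shadow)
    obj_class: str     # object class: file, dir, ...
    perms: frozenset   # permissions this rule grants


def parse_policy(text):
    """Parse allow rules; any other line is rejected so a typo cannot silently
    drop a rule and widen or narrow access unnoticed."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # strip comments and whitespace
        if not line:
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: unrecognised rule: {line!r}")
        source, target, obj_class, perms = m.groups()
        rules.append(AllowRule(source, target, obj_class,
                               frozenset(perms.strip("{}").split())))
    return rules


def access_allowed(rules, source, target, obj_class, perm):
    """Type enforcement is default-deny: the request passes only if some allow
    rule names this (source, target, class) and grants the permission."""
    return any(r.source == source and r.target == target
               and r.obj_class == obj_class and perm in r.perms
               for r in rules)


def decide(rules, source, target, obj_class, perm):
    """Return the verdict together with the rule that justified it (None on deny),
    the information an administrator wants when reading a denial."""
    for r in rules:
        if (r.source, r.target, r.obj_class) == (source, target, obj_class) and perm in r.perms:
            return "granted", r
    return "denied", None


POLICY = parse_policy(SAMPLE_POLICY)

if __name__ == "__main__":
    # the article's example: cat reading /etc/shadow, here as user_t -> shadow_t:file read
    for req in [("user_t", "etc_t", "file", "read"),
                ("user_t", "shadow_t", "file", "read"),
                ("passwd_t", "shadow_t", "file", "write")]:
        verdict, rule = decide(POLICY, *req)
        print(f"{req[0]} -> {req[1]}:{req[2]} {req[3]}: {verdict}", rule or "")
```

The point the evaluator makes visible is that absence of a rule is a denial: user_t never appears with shadow_t, so a user's cat is refused /etc/shadow regardless of the file's mode bits, while passwd_t reaches the same file because a rule names that pair.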

Filesystem Labeling in SELinux (Linux Journal)

Posted Oct 7, 2004 9:22 UTC (Thu) by etienne (subscriber, #25256)

Sometimes I wonder about such complex ACLs when even basic read/write/execute access for three groups of people is so complex to configure already.

I still remember those ACLs on VAX/VMS - perfectly working, the only problem was that, to erase a directory tree full of object files (to do a "make clean") it needed 20 minutes; for each file it had to check if I was in the right group and had the right to delete it or not... It is OK to protect source files - but who is going to steal objects?

Adding such complex security as ACLs (and so modifying all the bits around like Makefiles managing them) before even doing "simple" things like mounting "/usr" read-only (not that simple to upgrade packages then... completely rewrite this interface) or making a VFAT partition (FAT16 with 32 Kbytes per sector for efficiency) to mount on "/tmp" - so that you cannot have an attack using symbolic links nor using temporary devices (VFAT does not know those concepts) - adding ACLs and more complex stuff before basic things is a waste of time IMHO...

Etienne.

Filesystem Labeling in SELinux (Linux Journal)

Posted Oct 7, 2004 12:42 UTC (Thu) by jmshh (guest, #8257)

This is reasoning one encounters much too often. There are two completely independent issues:

  1. The kernel developers are implementing infrastructure. An extension gets on the to-do list if and when there is someone with a big enough itch to want it. This person or group usually will rather do nothing at all if not able to scratch their own itch.
  2. Distributors and sysadmins create usable systems out of the kernel and lots of other stuff. Some of them are sloppy, some just ignorant, and some know how to and want to push the leading edge further.

So nothing is gained by hindering progress at one place just because you don't need it or your requirements allow a workaround. Not everything is created equal.

Btw., have a look at the nodev mount option. There is no need to throw out permissions just to avoid device nodes.

And about VMS: yes, deleting files was very slow, especially in directories with lots (>1000) of files. But this was independent of ACLs and got a lot better on recent versions.
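The first comment proposes a VFAT /tmp to keep device nodes off the filesystem; the reply points at the nodev mount option, which achieves that without giving up permissions. The following added example (not code from either commenter) audits fstab-style entries for mount points that lack nodev and related options and emits a corrected table. The fstab content is constructed for the example, and the table of which options each mount point must carry (nosuid alongside nodev) is this example's assumption, since that is a local policy choice.

```python
# Constructed sample fstab, not taken from a real system. Fields: device,
# mount point, filesystem type, comma-separated options, dump, fsck pass.
WEAK_FSTAB = """\
/dev/sda1  /         ext4   defaults                 0 1
/dev/sda2  /tmp      ext4   defaults                 0 2
/dev/sda3  /home     ext4   defaults,nosuid          0 2
tmpfs      /dev/shm  tmpfs  defaults,nodev,nosuid    0 0
"""

# Mount points on which device nodes (and setuid binaries) have no business.
# The exact list and the choice of extra options is an assumption of this
# example; adjust it to the system's own policy.
REQUIRED = {
    "/tmp": {"nodev", "nosuid"},
    "/home": {"nodev", "nosuid"},
    "/dev/shm": {"nodev", "nosuid"},
}


def parse_fstab(text):
    """Parse fstab lines into dicts; comments and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"malformed fstab line: {raw!r}")
        device, mountpoint, fstype, options = fields[:4]
        entries.append({"device": device, "mountpoint": mountpoint,
                        "fstype": fstype, "options": options.split(","),
                        "rest": fields[4:]})   # dump / pass numbers, kept verbatim
    return entries


def missing_options(entries, required=REQUIRED):
    """Map each audited mount point to the options it is missing (empty if clean)."""
    findings = {}
    for e in entries:
        wanted = required.get(e["mountpoint"])
        if not wanted:
            continue
        missing = sorted(wanted - set(e["options"]))
        if missing:
            findings[e["mountpoint"]] = missing
    return findings


def hardened_fstab(entries, required=REQUIRED):
    """Return the same table with the required options appended where absent;
    existing options are preserved, so nothing else about the mount changes."""
    lines = []
    for e in entries:
        opts = list(e["options"])
        for opt in sorted(required.get(e["mountpoint"], ())):
            if opt not in opts:
                opts.append(opt)
        lines.append(" ".join([e["device"], e["mountpoint"], e["fstype"],
                               ",".join(opts)] + e["rest"]))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    entries = parse_fstab(WEAK_FSTAB)
    for mountpoint, missing in missing_options(entries).items():
        print(f"{mountpoint}: missing {','.join(missing)}")
    print("--- corrected ---")
    print(hardened_fstab(entries), end="")
```

On a live system the audited state is what the kernel currently has mounted rather than the file, and an already-mounted filesystem picks the option up with a remount (mount -o remount,nodev /tmp) without any change to ownership or mode bits on the files underneath.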

Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds