LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Multipath TCP: an overview

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

SELinux shortcomings

SELinux shortcomings

Posted May 5, 2006 1:10 UTC (Fri) by sshimko (guest, #37560)
In reply to: SELinux shortcomings by alogghe
Parent article: The AppArmor debate begins

SELinux supports context based mounts so while it is not currently possible to label NFS files (although this has been explored) it is possible to label the entire mounted file system.

So what you're saying is that you'd rather have security policy enforced across arbitrary mount points? So if I mount a NFS share on /mnt, /media, and /home the security policy is completely different for each? This doesn't sit well with me...

(Log in to post comments)

SELinux shortcomings

Posted May 5, 2006 5:13 UTC (Fri) by alogghe (subscriber, #6661) [Link]

Yes we would need security enforced at different levels/files in the mount points and selinux would be too course grained (just on/off at the mount point itself).

Network based filesystems provide a great deal of flexibility that we need here in the trenches ;)

Heh it's funny how some of us see the different policy against the different pathname/same share as a useful feature and it makes other people paranoid.

It's dangerous I agree but so is any powertool.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds