Linux security non-modules and AppArmor
Posted Jun 28, 2007 8:47 UTC (Thu) by ljt
In reply to: Linux security non-modules and AppArmor
Parent article: Linux security non-modules and AppArmor
I agree fully: selinux must be included in the kernel the same way memory management, network or vfs are.
I think though that selinux would gain a BIG user mindshare by becoming less opaque: Common mortal *cannot* know which constraints a process is under.
There is tool to see the label in files, but there is no tools (that I am aware of) to see in which context a process is under and what it is allowed to do.
Take the legacy DAC model: ps gives you the uid/gid, this is all you know to match the ressources it can manipulate.
Make no mistake: inspecting .mod, .te, .pp objects is to selinux what forensic is to live debugging. We *must* have _live_ and _convenient_ tools to:
-See process contexts and the relvant rules it is under
-Apply or remove type enforcement rules the same way chcon works (think pscon)
-Provoque transitions between process contexts while running
It is currently a PITA to admin the thing in a mission critical environment
to post comments)