User: Password:
|
|
Subscribe / Log in / New account

SELinux shortcomings

SELinux shortcomings

Posted May 5, 2006 1:10 UTC (Fri) by sshimko (guest, #37560)
In reply to: SELinux shortcomings by alogghe
Parent article: The AppArmor debate begins

SELinux supports context based mounts so while it is not currently possible to label NFS files (although this has been explored) it is possible to label the entire mounted file system.

So what you're saying is that you'd rather have security policy enforced across arbitrary mount points? So if I mount a NFS share on /mnt, /media, and /home the security policy is completely different for each? This doesn't sit well with me...


(Log in to post comments)

SELinux shortcomings

Posted May 5, 2006 5:13 UTC (Fri) by alogghe (subscriber, #6661) [Link]

Yes we would need security enforced at different levels/files in the mount points and selinux would be too course grained (just on/off at the mount point itself).

Network based filesystems provide a great deal of flexibility that we need here in the trenches ;)

Heh it's funny how some of us see the different policy against the different pathname/same share as a useful feature and it makes other people paranoid.

It's dangerous I agree but so is any powertool.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds