User: Password:
|
|
Subscribe / Log in / New account

SMACK meets the One True Security Module

SMACK meets the One True Security Module

Posted Oct 2, 2007 18:20 UTC (Tue) by flewellyn (subscriber, #5047)
Parent article: SMACK meets the One True Security Module

I think the problem here is, we're getting conflicting messages from the SELinux folks. On the one hand, they insist that SELinux is a security architecture, and can be used to create higher-level, more abstract security tools. On the other hand, they insist that SELinux should be usable as-is from userspace, by ordinary administrators.

I don't see these positions as compatible at all. And while I am no expert with SELinux (aside from the developers, does such a thing exist?), from what I understand about it, it IS more suited as an architecture for building security tools, than as a security tool in its own right. So perhaps the SELinux folks should work on making its interface more of a "programmatic" one, and stop emphasizing the userspace tools as security solutions on their own. In other words, to compare to another Linux subsystem, SELinux would be Netfilter to other tools' iptables or shorewall.


(Log in to post comments)

SMACK meets the One True Security Module

Posted Oct 3, 2007 0:29 UTC (Wed) by drag (subscriber, #31333) [Link]

Well I think the point behind Eclispe is that it's a framework for building IDEs and what IDE you get when you try it out is only going to have a tiny fraction of it's capabilties.

Er, something like that.

Personally I'm happy with Vim and Python. No need for intellesense or anything like that for a language that is designed to be easy to remember and I am not working in a formal corporate environment. (I'll probably just program in C or pyrex or something like that if I need speed)

SMACK meets the One True Security Module

Posted Oct 3, 2007 3:23 UTC (Wed) by drag (subscriber, #31333) [Link]

OMG, I can't beleive I posted the above to teh wrong article.WTF was I thinking.

:(

SMACK meets the One True Security Module

Posted Oct 4, 2007 0:09 UTC (Thu) by jamesm (guest, #2273) [Link]

Oddly enough, it still makes sense here :-)

Thanks to Drag replying to wrong article, I just had a bright idea

Posted Oct 5, 2007 9:18 UTC (Fri) by pr1268 (subscriber, #24648) [Link]

Agreed! Drag's comment about his "IDE" of vim and python vs. Eclipse did indeed bear some resemblance to the discussion about SELinux vs. AppArmour. What a pleasantly surreal experience!

Thanks to Drag's misplaced comment, I just had a bright idea: Eclipse IDE for SELinux!! Use all the features you've come to expect with using Eclipse to develop Java, C, or C++... and now you can build your own security framework! Testing your framework is simply a few mouse clicks away via the "build/debug" menu.

</end silliness> ;-)

Thanks to Drag replying to wrong article, I just had a bright idea

Posted Oct 5, 2007 14:07 UTC (Fri) by nix (subscriber, #2304) [Link]

Obviously the *right* approach is an Emacs specialized entirely for writing SELinux configurations. There's even an XEmacs fork with the right name: SXEmacs. Just reuse the name, write a new selinux mode, rip out all that boring stuff nobody uses like text-mode, cc-mode, vm and gnus, and you're home free! :)

Thanks to Drag replying to wrong article, I just had a bright idea

Posted Dec 11, 2008 18:22 UTC (Thu) by SEJeff (subscriber, #51588) [Link]

Does it have vim bindings? *runs and hides*

"I just had a bright idea" - Tresys did it!

Posted Oct 9, 2007 16:52 UTC (Tue) by ejratl (guest, #4925) [Link]

See SELinux Policy IDE aka SLIDE. It may not be the full embodiment of your dream, but its a starting point. ;-)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds