|
|
Subscribe / Log in / New account

Compartmentalized computing with CLIP OS

Compartmentalized computing with CLIP OS

Posted Oct 30, 2018 9:29 UTC (Tue) by ortalo (guest, #4654)
In reply to: Compartmentalized computing with CLIP OS by SEJeff
Parent article: Compartmentalized computing with CLIP OS

I agree it is the same kind of sound, yes. But while "SE" lead to very low level (and possibly very difficult to use) mandatory mechanisms, I have the feeling that "CLIP" may lead to very coarse grain (possibly dual conlfidentiality level-only) use cases that may only be useful in specific contexts.
Like when intelligence analysts are browsing the public (dark)web while writing governmental reports ; and the commander is paranoid about viruses revealing secret information on ministers mistresses (before they publish a book themselves).
I am not so optimistic that these mechanisms can be useful in the general case ; but I really welcome the move towards doing the development of the next version in the open.

to post comments

Compartmentalized computing with CLIP OS

Posted Oct 31, 2018 14:09 UTC (Wed) by marcH (subscriber, #57642) [Link]

> But while "SE" lead to very low level (and possibly very difficult to use)

Not difficult at all, look: https://www.google.com/search?q=disable+selinux (over 1 million hits!)

In *some* situations disabling SElinux can make the system... more secure by removing the false sense of security provided by an obviously misconfigured solution.

Knowing where it came from, I've always wondered if anyone involved in the design actually expects SELinux to be frequently misconfigured.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds