LWN: Comments on "SMACK meets the One True Security Module"

Thanks to Drag replying to wrong article, I just had a bright idea

SEJeff — Thu, 11 Dec 2008 18:22:58 +0000

Does it have vim bindings? *runs and hides*

SMACK meets the One True Security Module

ury — Thu, 11 Oct 2007 06:43:24 +0000

what about GRSecurity ? or some similar,
maybe just ask security-patch authors about they vision?

http://www.grsecurity.net/lsm.php
http://www.rsbac.org/documentation/why_rsbac_does_not_use...

ps: selinux i think toooooo blooooated to use
i like grsec, and interested in making things better ;)

"I just had a bright idea" - Tresys did it!

ejratl — Tue, 09 Oct 2007 16:52:35 +0000

See SELinux Policy IDE aka SLIDE. It may not be the full embodiment of your dream, but its a starting point. ;-)

Thanks to Drag replying to wrong article, I just had a bright idea

nix — Fri, 05 Oct 2007 14:07:37 +0000

Obviously the *right* approach is an Emacs specialized entirely for writing SELinux configurations. There's even an XEmacs fork with the right name: SXEmacs. Just reuse the name, write a new selinux mode, rip out all that boring stuff nobody uses like text-mode, cc-mode, vm and gnus, and you're home free! :)

Thanks to Drag replying to wrong article, I just had a bright idea

pr1268 — Fri, 05 Oct 2007 09:18:06 +0000

Agreed! Drag's comment about his "IDE" of vim and python vs. Eclipse did indeed bear some resemblance to the discussion about SELinux vs. AppArmour. What a pleasantly surreal experience!

Thanks to Drag's misplaced comment, I just had a bright idea: Eclipse IDE for SELinux!! Use all the features you've come to expect with using Eclipse to develop Java, C, or C++... and now you can build your own security framework! Testing your framework is simply a few mouse clicks away via the "build/debug" menu.

</end silliness> ;-)

SMACK meets the One True Security Module

nix — Thu, 04 Oct 2007 21:04:22 +0000

AppArmor predates SELinux, and does things that SELinux can't do without
insane delays (mass-relabelling of potentially every file in a very deep
subdirectory whenever you rename it springs to mind; even crazier
mass-relabellings of everything on the disk to implement some changes of
policy, unless I miss my guess).

(Equally, AppArmor can't efficiently imitate a TE system --- but nobody's
claiming it can.)

SMACK meets the One True Security Module

jengelh — Thu, 04 Oct 2007 14:53:47 +0000

>Ignore the userspace tools! Make a portion of SELinux as capable and easy to use as AppArmor or SMACK and SELinux adoption will increase tenfold.

So, interestingly, is not *Novell* to blame (rather than SELinux or the casual user) to not have AppArmor designed to use SELinux as LSM? Just a thought...

SMACK meets the One True Security Module

jamesm — Thu, 04 Oct 2007 00:09:43 +0000

Oddly enough, it still makes sense here :-)

SMACK meets the One True Security Module

drag — Wed, 03 Oct 2007 03:23:26 +0000

OMG, I can't beleive I posted the above to teh wrong article.WTF was I thinking.

SMACK meets the One True Security Module

drag — Wed, 03 Oct 2007 00:29:27 +0000

Well I think the point behind Eclispe is that it's a framework for building IDEs and what IDE you get when you try it out is only going to have a tiny fraction of it's capabilties.

Er, something like that.

Personally I'm happy with Vim and Python. No need for intellesense or anything like that for a language that is designed to be easy to remember and I am not working in a formal corporate environment. (I'll probably just program in C or pyrex or something like that if I need speed)

SMACK meets the One True Security Module

danieldk — Tue, 02 Oct 2007 20:43:19 +0000

It depends on what policy you use. For example, the Simplified Policy Description Language is quite easy to grok:

http://seedit.sourceforge.net/

It's policy language looks a lot like AppArmor's, but it does use file contexts underneath.

SMACK meets the One True Security Module

flewellyn — Tue, 02 Oct 2007 18:20:44 +0000

I think the problem here is, we're getting conflicting messages from the SELinux folks. On the one hand, they insist that SELinux is a security architecture, and can be used to create higher-level, more abstract security tools. On the other hand, they insist that SELinux should be usable as-is from userspace, by ordinary administrators.

I don't see these positions as compatible at all. And while I am no expert with SELinux (aside from the developers, does such a thing exist?), from what I understand about it, it IS more suited as an architecture for building security tools, than as a security tool in its own right. So perhaps the SELinux folks should work on making its interface more of a "programmatic" one, and stop emphasizing the userspace tools as security solutions on their own. In other words, to compare to another Linux subsystem, SELinux would be Netfilter to other tools' iptables or shorewall.

SMACK meets the One True Security Module

bronson — Tue, 02 Oct 2007 17:36:31 +0000

It seems like the SELinux guys are still looking to userspace tools to bail them out of their usability nightmare. I'm guessing most Linux admins enter iptables commands by hand (or by script), and iptables is *way* simpler than SELinux. The ALSA guys leaned on userspace to bail them out of their complexity nightmare and look at where it got them.

As long as it takes *days* for a good admin to learn and provision a nontrivial SELinux server, SELinux is a non-starter (in my workshop anyway). Ignore the userspace tools! Make a portion of SELinux as capable and easy to use as AppArmor or SMACK and SELinux adoption will increase tenfold.

I'm excited about SMACK. I hope it gets merged. And I hope SELinux guys start taking learnability and usability seriously.