https://lwn.net/Articles/768819/ This is a special feed containing comments posted to the individual LWN article titled "Compartmentalized computing with CLIP OS". en-us Sat, 08 Nov 2025 11:27:20 +0000 Sat, 08 Nov 2025 11:27:20 +0000 https://www.rssboard.org/rss-specification lwn@lwn.net https://lwn.net/Articles/770147/ https://lwn.net/Articles/770147/ marcH <div class="FormattedComment"> <font class="QuotedText">&gt; But while "SE" lead to very low level (and possibly very difficult to use)</font><br> <p> Not difficult at all, look: <a href="https://www.google.com/search?q=disable+selinux">https://www.google.com/search?q=disable+selinux</a> (over 1 million hits!)<br> <p> In *some* situations disabling SElinux can make the system... more secure by removing the false sense of security provided by an obviously misconfigured solution.<br> <p> Knowing where it came from, I've always wondered if anyone involved in the design actually expects SELinux to be frequently misconfigured.<br> <p> </div> Wed, 31 Oct 2018 14:09:38 +0000 https://lwn.net/Articles/770104/ https://lwn.net/Articles/770104/ edeloget <div class="FormattedComment"> You seem pretty right (at least for CLIP OS 4): the end user environment supports only two levels (the low level and the high level). <br> <p> The infrastructure might still be more capable (don't know yet).<br> </div> Wed, 31 Oct 2018 00:24:03 +0000 https://lwn.net/Articles/769970/ https://lwn.net/Articles/769970/ Villemoes <div class="FormattedComment"> Can't O_MAYEXEC be implemented in userspace with fstatvfs() on the opened file and checking struct statvfs::f_flag? Compared to the work already needed for each interpreter (not just adding O_MAYEXEC, but also disabling -e and executing from stdin etc.) copy-pasting a simple openat_mayexec() wrapper seems quite simple.<br> </div> Tue, 30 Oct 2018 10:22:08 +0000 https://lwn.net/Articles/769963/ https://lwn.net/Articles/769963/ ortalo <div class="FormattedComment"> Even though the project heavily claims to offer a multilevel OS, I have the feeling that only a dual level environnment is offered, with primarily two big compartments ; pretty far from the actual MLS systems described in a Bell-LaPadula policy (e.g. with labels on objects or subjects, etc.).<br> Do you share that impression (esp. in CLIP OS 4)?<br> <p> </div> Tue, 30 Oct 2018 09:31:53 +0000 https://lwn.net/Articles/769962/ https://lwn.net/Articles/769962/ ortalo <div class="FormattedComment"> I agree it is the same kind of sound, yes. But while "SE" lead to very low level (and possibly very difficult to use) mandatory mechanisms, I have the feeling that "CLIP" may lead to very coarse grain (possibly dual conlfidentiality level-only) use cases that may only be useful in specific contexts.<br> Like when intelligence analysts are browsing the public (dark)web while writing governmental reports ; and the commander is paranoid about viruses revealing secret information on ministers mistresses (before they publish a book themselves).<br> I am not so optimistic that these mechanisms can be useful in the general case ; but I really welcome the move towards doing the development of the next version in the open.<br> </div> Tue, 30 Oct 2018 09:29:36 +0000 https://lwn.net/Articles/769914/ https://lwn.net/Articles/769914/ SEJeff <div class="FormattedComment"> This sounds a lot like a modern version of the NSA's Flask Security Architecture (of which the result was in fact SELinux) to provide Information Assurance guarantees enforced at the Kernel level:<br> <p> <a href="https://www.usenix.org/conference/8th-usenix-security-symposium/flask-security-architecture-system-support-diverse-security">https://www.usenix.org/conference/8th-usenix-security-sym...</a><br> <p> <p> </div> Mon, 29 Oct 2018 19:31:27 +0000