[techtalk] SELinux
Jeff Dike
jdike at karaya.com
Sat Jul 7 10:42:10 EST 2001
mimerki at saintmail.net said:
> Has anyone on this list looked into this?

There was a talk at the kernel summit on this (although I wasn't paying that
much attention - I was reading email :-).

I think the 'SE' stands for 'Security Enabled' or something rather than
'SEcure'. They've added hooks to all the system calls that allow security
policies to be implemented - they haven't implemented any security themselves
afaik. So, throughout the kernel, they've added hooks that ask things like
'is JoeBob allowed to exec /usr/bin/goober?'.

You're supposed to have a module somewhere that implements a security policy
by providing answers to all these questions.

It could also be used for logging events rather than preventing them just by
recording the questions that come in and always saying 'yes'.

There were questions about stackable policies, but I don't remember what the
answer was (iirc, it was something they were working on).
Jeff
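
The hook-and-module arrangement described in the message above, as an added userspace sketch that is not part of the original post and is not kernel or SELinux code. All names (`policy_module`, `hook_exec`, `may_exec`) and the deny rule are hypothetical; it shows one hook answered by an enforcing module and by an audit-only module that logs and always says yes.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical userspace model: none of these names come from the kernel. */
struct policy_module {
    /* Answers "may user exec path?": 1 = yes, 0 = no. */
    int (*may_exec)(const char *user, const char *path);
};

static char audit_log[8][96];   /* questions recorded by the audit module */
static int audit_count;

/* Enforcing module, constructed rule: JoeBob may not exec /usr/bin/goober. */
static int enforce_may_exec(const char *user, const char *path)
{
    return !(strcmp(user, "JoeBob") == 0 && strcmp(path, "/usr/bin/goober") == 0);
}

/* Audit-only module: record the question, then always answer yes. */
static int audit_may_exec(const char *user, const char *path)
{
    if (audit_count < 8)
        snprintf(audit_log[audit_count++], sizeof audit_log[0],
                 "exec user=%s path=%s", user, path);
    return 1;
}

static const struct policy_module enforcing = { enforce_may_exec };
static const struct policy_module audit_only = { audit_may_exec };
static const struct policy_module *active;   /* NULL: no module loaded */

/* Hook on the exec path: 0 lets the call proceed, -1 refuses it. */
int hook_exec(const char *user, const char *path)
{
    if (!active)
        return 0;   /* assumption: with no module registered, nothing is vetoed */
    return active->may_exec(user, path) ? 0 : -1;
}

int main(void)
{
    active = &enforcing;
    printf("enforcing:  %d\n", hook_exec("JoeBob", "/usr/bin/goober"));
    active = &audit_only;
    printf("audit-only: %d\n", hook_exec("JoeBob", "/usr/bin/goober"));
    printf("logged:     %s\n", audit_log[0]);
    return 0;
}
```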