SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Skip Research Menus

Research Menu

Research Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: [Linux-privs-discuss] SELinux & Linux-privs projects This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] [ Replies ] From: Stephen Smalley <sds_at_tislabs.com> Date: Thu, 11 Jan 2001 11:59:47 -0500 (EST) On Thu, 11 Jan 2001, Christoph Hellwig wrote: > > It is also quite different > > from POSIX.1e mandatory access controls, which are tied to a > > specific kind of mandatory security policy. > > Capabilities and mac are of course different, otherwise you probably > won't find them in the same posix standard... I guess my antecedent was ambiguous. I was trying to say that the SELinux mandatory access controls are quite different from POSIX.1e mandatory access controls, because SELinux provides a flexible mandatory access control architecture that can support many different kinds of security policies while POSIX.1e is limited to a particular kind of security policy (multi-level security, and perhaps Biba integrity or other lattice-based models). SELinux can support lattice-based models like multi-level security, but it can also support Type Enforcement, Role-Based Access Control, and other models. So POSIX.1e MAC only does a subset of what SELinux does. -- Stephen D. Smalley, NAI Labs sds@tislabs.com -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Thu 11 Jan 2001 - 12:19:56 EST This message: [ Message body ] Next message: Andi Kleen: "Re: [selinux] Re: SELinux and covert channels" Previous message: Stephen Smalley: "Re: [Linux-privs-discuss] SELinux & Linux-privs projects" In reply to: Christoph Hellwig: "Re: [Linux-privs-discuss] SELinux & Linux-privs projects" Next in thread: Robert Watson: "Re: [Linux-privs-discuss] SELinux & Linux-privs projects" Reply: Robert Watson: "Re: [Linux-privs-discuss] SELinux & Linux-privs projects" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom