Linked by Thom Holwerda on Tue 19th Feb 2008 13:28 UTC, submitted by LinucksGirl
Linux Role-based access control is a general security model that simplifies administration by assigning roles to users and then assigning permissions to those roles. Learn how RBAC in SELinux acts as a layer of abstraction between the user and the underlying TE model, and how the three pieces of an SELinux context (policy, kernel, and userspace) work together to enforce the RBAC and tie Linux users into the TE policy.
Thread beginning with comment 301430
To read all comments associated with this story, please click here.
Show of hands...
by robinh on Tue 19th Feb 2008 16:20 UTC
robinh
Member since:
2006-12-19

OK, so how many of you Fedora 8 users have switched off SELinux altogether after becoming angry at it getting in your way??!?

(raises hand..)

Reply Score: 3

RE: Show of hands...
by karl1 on Tue 19th Feb 2008 18:28 in reply to "Show of hands..."
karl1 Member since:
2005-06-29

OK, so how many of you Fedora 8 users have switched off SELinux altogether after becoming angry at it getting in your way??!?

(raises hand..)


Show of hands -- how many Windows XP users are running as Administrator instead of creating their own user account?

-- Same difference -- real security will require some system knowledge and appear to "get in the way".

Edited 2008-02-19 18:29 UTC

Reply Parent Score: 3

RE: Show of hands...
by superman on Tue 19th Feb 2008 19:34 in reply to "Show of hands..."
superman Member since:
2006-08-01

> OK, so how many of you Fedora 8 users have switched off SELinux

[root@one ~]# cat /etc/system-release
Fedora release 8 (Werewolf)
[root@one ~]# getenforce
Enforcing
[root@one ~]#

Reply Parent Score: 1

RE: Show of hands...
by unoengborg on Tue 19th Feb 2008 23:23 in reply to "Show of hands..."
unoengborg Member since:
2005-07-06

OK, so how many of you Fedora 8 users have switched off SELinux altogether after becoming angry at it getting in your way??!? (raises hand..)


Probably not that many, Red Hat have done a very good job of creating a good targeted policies and good admin tools where the most common things changes can be made by checking a checkbox. The only problem with their targeted policy is that it is maily targeted at services and does very little to protect desktop users.

Reply Parent Score: 3

RE[2]: Show of hands...
by Rahul on Wed 20th Feb 2008 08:44 in reply to "RE: Show of hands..."
Rahul Member since:
2005-07-06

This is not quite true. While SELinux has a more definite advantage for servers, the targeted policy already covers a number of desktop components like dbus, hal, mozilla, thunderbird, evolution, mplayer and so on.

There is however need for SELinux support in X that is happening as part of the next Xorg release as well as more user space confinement.

Reply Parent Score: 3