On Wednesday, September 01, 2010 20:54:47 JB wrote:
> Thanks. It was my intention to induce a reaction to my post.
> Your opinion is appreciated, regardless of whether friendly or not :-)

My opinion is always intended to be friendly, otherwise I would keep it to
myself. :-)

> > > - it should be configurable:
> > >   - by sys admin and user (selectively)
> >
> > Any system-wide configuration is done by root, or delegated by sudo.
> > SELinux is not different here than any other security system in Linux.
>
> I meant an option for a user to be able to select granularity of
> diagnostics. There could be more user customization - we would let the
> users speak.

There is always room for improvement in any piece of software, especially
new things like SELinux. That said, I am not entirely sure how much
customization ability an ordinary user should be allowed to have when it
comes to security software. The main mantra of security is "trust no one",
which really means to trust an absolute minimum number of people (ideally
only the root). An ordinary user has no business tampering with security
stuff on the machine.

And this is not news. Try to change the ownership of a file as an ordinary
user (to "disown" your own file), for example. The chown simply won't allow
you to do it, it is a serious security hole. There is a very strong limit to
what an ordinary user is allowed to configure with security software. And
there are good reasons for that. Usually you don't want to allow non-root
users to get anywhere near security settings, with very few exceptions I
guess.

> > >   - dynamically
> >
> > I am not sure what you mean by this, because "dynamics" in general refers
> > to "changing in time", which is already covered above.
>
> Not exactly.
> I meant like changing config on demand (in the spirit of on-demand/dynamic
> loading of config modules, libraries, etc), with an immediate effect, w/o
> additional steps (daemon restarts to reread config files, etc).

This is probably possible to implement, if there is a need for such
functionality. But there is a long way to go. Mind you, today's SELinux
implementation is still not completely operational as it is theoretically
intended. Most of the labels are still ignored (as far as I know, only the
"type" field from the context is being checked by the current policy, but I
may be out of date on this). As time goes by, the functionality of SELinux
will increase further. If there ever comes a need for dynamic loading of
some modules and such, I am sure people will implement it.

> > > - it should be self-contained, installable and removable at any time,
> > >   without influencing the system
> >
> > No serious security system can run entirely in userspace, they are all
> > implemented in the kernel. Standard UNIX permissions, firewall, SELinux,
> > you name it. That said, SELinux and firewall can be enabled/disabled by
> > root on a whim, while with the permissions system it is far from easy
> > (to disable it one would need to do a filesystem-wide chmod and chown,
> > while reenabling it afterwards is almost impossible).
>
> Have you seen how many people asked about it (hint: search Google) ?

This has been debated to death in a lot of places, including this list. In a
nutshell, in all those debates I never saw anyone provide a reasonable
argument for wanting to completely remove SELinux. Have you asked any of
those people *why* they want to remove it? It is equally "smart" as
completely removing a firewall from a system, and equally impossible --- you
have to tweak the kernel at compilation time and on source code level in
order to achieve something like that.

And to what purpose? If you disable SELinux, the appropriate code in the
kernel (and also in userspace) will simply never get executed, and it is as
good as absent from the system. Whatever the reasons might be for not having
SELinux active, removing the actual code from the kernel is really an
overkill.

OTOH, there are some very valid (security and functionality) reasons why
that code should be an integral part of the kernel, and not in userspace.

> Btw, you omitted other reasons people feel funny about this software. They
> expressed their feelings in various posts here. I doubt it very much you
> can change people's opinion (however irrational it may be) when it is based
> on their ideological/philosophical grounds.

Well, I would roughly classify those feelings and opinions into two major
groups:

* the "SELinux just gets in my way" group, and
* the "I don't trust anything from NSA" group.

Fighting old habits is always hard, because people are reluctant to change
them until they gain new experience (i.e. until they get rooted and lose a
huge amount of data and/or money). And if some of those habits are bad,
people take offense when a machine tries to protect them from themselves
(the typical "don't-you-try-to-stop-me-from-shooting-myself-in-the-foot"
behavior). It is natural, but I guess those people will eventually swallow
their "pride" and learn to do things in a safer way.

As for the paranoia about the NSA, I actually find it rather amusing. This
behavior appears to be limited mainly to US citizens, since for the rest of
us the NSA seems as important as some government institution in, say,
Zimbabwe would be important to a typical US citizen. Without getting into
politics, it's just some government agency relevant to some people living
halfway across the globe, from my POV. And I don't see a problem with this
institution (or any other, for that matter) engaging in research of
computer security.

That said, I do understand that there is some animosity among people living
in the USA related to the "Big Brother"-type agency and such. But I look at
it this way --- it is a Good Thing that NSA is the main creator of this
software. First, they have a lot of funding to invest in the research.
Second, given that all SELinux code is open source, there will be quite
enough paranoid people to dig through that code inside-out looking for any
backdoor NSA folks might put there. This actually adds to the quality of the
code, since it gets scrutinized more than anything else running on your
computer.

Overall, I am actually thankful that a very serious institution like the NSA
is the major player behind SELinux. :-) That may sound weird to some people,
but is actually quite natural.

Ok, now, why do I have a feeling that this is going to turn into yet another
very very long thread? ;-)

HTH, :-)
Marko