Re: Naming convention flames
- From: Stephen Smalley <sds epoch ncsc mil>
- To: "Fedora SELinux support list for users & developers." <fedora-selinux-list redhat com>
- Subject: Re: Naming convention flames
- Date: Fri, 02 Apr 2004 14:24:31 -0500
On Fri, 2004-04-02 at 14:06, Dax Kelson wrote:
> Obviously the features that POSIX file ACLs provide are a subset of what
> SELinux provides.

No. POSIX ACLs are a form of DAC, just slightly finer-grained. SELinux
provides MAC. They are orthogonal.

> I'm a fan of SELinux with its way to enforce the "correct behavior" of
> applications, but if you are just narrowly looking at a solution for
> granular file permissions, then POSIX file ACLs are all you need.

Not if you want to counter the classic limitations of DAC.

> I suppose in a SELinux environment, POSIX file ACLs are redundant and
> unneeded (except for the "default permissions" (ala a custom umask) for a
> directory feature).
> Speaking of which, how do SELinux file permissions interact with a
> directory that has a default ACL applied?

No, ACLs can still be useful for fine-grained DAC. Both the DAC (ACLs
or otherwise) and MAC must approve each operation.

Why is DAC inadequate?
- Decisions are only based on user identity and ownership.
- There is no protection against flawed or malicious software.
- Each user has complete discretion over his own objects.
- There are typically only two major categories of users:
  administrators or others.
- Many system services and privileged programs must run with
  coarse-grained privileges or even full administrator access.

--
Stephen Smalley <sds epoch ncsc mil>
National Security Agency
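
The rule stated in the message above, that both DAC (mode bits or ACLs) and MAC must approve each operation, as a small Python model. This is an added example, not part of the original message and not SELinux code; the users, type names and policy table are constructed, and the DAC check follows the POSIX ACL evaluation order in simplified form.

```python
# Toy model (added example): access needs BOTH the DAC and the MAC check to pass.
from dataclasses import dataclass, field

@dataclass
class File:
    owner: str
    group: str
    owner_perms: set
    group_perms: set
    other_perms: set
    mask: set = field(default_factory=lambda: {"r", "w", "x"})
    acl_users: dict = field(default_factory=dict)   # named user -> perms
    acl_groups: dict = field(default_factory=dict)  # named group -> perms
    setype: str = "file_t"                          # MAC type label (constructed)

@dataclass
class Process:
    user: str
    groups: set
    domain: str  # MAC domain of the process (constructed)

def dac_allows(p, f, perm):
    # Simplified POSIX ACL order: owner, named user, groups, other.
    if p.user == f.owner:
        return perm in f.owner_perms
    if p.user in f.acl_users:
        return perm in (f.acl_users[p.user] & f.mask)
    entries = [f.group_perms] if f.group in p.groups else []
    entries += [perms for g, perms in f.acl_groups.items() if g in p.groups]
    if entries:
        return any(perm in (perms & f.mask) for perms in entries)
    return perm in f.other_perms

def mac_allows(policy, p, f, perm):
    # Type enforcement: denied unless an allow rule covers (domain, type).
    return perm in policy.get((p.domain, f.setype), set())

def access(policy, p, f, perm):
    return dac_allows(p, f, perm) and mac_allows(policy, p, f, perm)

# Constructed policy, users and type names, for illustration only.
POLICY = {("webserver_t", "web_content_t"): {"r"},
          ("user_t", "user_home_t"): {"r", "w"}}
# alice used her discretion to make this file world-readable and writable.
notes = File("alice", "staff", {"r", "w"}, {"r", "w"}, {"r", "w"}, setype="user_home_t")
page = File("alice", "staff", {"r", "w"}, {"r"}, set(), mask={"r"},
            acl_users={"www": {"r", "w"}}, setype="web_content_t")
web = Process("www", {"www"}, "webserver_t")
alice = Process("alice", {"staff"}, "user_t")
```

In this model `access(POLICY, web, notes, "r")` is denied even though the mode bits allow it, because no allow rule covers `webserver_t` on `user_home_t`; the owner's discretion over her file does not extend past the MAC policy.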