or it just means that the tool to regulate the network is different from
the tool to regulate the filesystem.
oh, by the way. that's how the rest of the *nix world works. firewall
rules apply to networking, filesystem permissions and ACLs apply to the
filesystem.
this is like claiming that the latest improvement to ipsec shouldn't go in
because it doesn't allow you to handle things the same way that you handle
temp files or a serial port.
if you are doing a system-wide analysis then you are correct.
the AA approach is to start with the exposed items and limit the damage
that can be done to you.
sysadmins already think in terms of paths and what can access that path
(directory permissions), AA extends this in a very natural way and doesn't
require any special tools or extra steps for normal administration. As a
result sysadmins are far more likely to use this than they are to touch
anything that requires that they do a full system analysis before they
start.
another advantage is that since the policies are independent of each other
it becomes very easy for software to include sample policies with the
source.
it is possible to say that without assistance from an outside process the
process cannot access the files containing your mail.
if there is some other method of accessing the content no filesystem-level
thing can know about it (for example, if another process is a pop server
that requires no password). but I don't believe that SELinux policies as
distributed by any vendor would prevent this (yes, it would be possible
for a tailored policy to prevent it, but if the policy is so complex that
only distro staff should touch it that doesn't matter in real life)
David Lang
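To make the path-based approach described above concrete, here is an added illustrative AppArmor profile; it is not from the post or from the AppArmor project. It assumes a hypothetical network-facing daemon at /usr/sbin/exampled, the path names shown, and AppArmor 2.x profile syntax. It confines the exposed item (the listening daemon) to the few paths it needs, so a compromise of that process cannot reach user mail through the filesystem, which is exactly the limited guarantee the post describes.

```apparmor
# Added illustrative profile (not from the mailing-list post).
# Assumptions: hypothetical daemon /usr/sbin/exampled, the paths below,
# and AppArmor 2.x path-based profile syntax.
#include <tunables/global>

/usr/sbin/exampled {
  #include <abstractions/base>

  # The exposed surface: accept inet connections and bind a low port.
  network inet stream,
  capability net_bind_service,

  # Only the paths the daemon needs, written the way a sysadmin already
  # thinks about directory permissions.
  /etc/exampled/**      r,
  /var/lib/exampled/**  rw,
  /var/log/exampled.log w,

  # Anything not listed is already denied. The explicit deny rules make
  # the intent visible in the profile and take precedence over any allow
  # rule that an included abstraction might add later.
  deny /var/mail/**          rw,
  deny @{HOME}/Maildir/**    rw,
}
```

The profile stands alone, so it could ship in the daemon's source tree as the post suggests. It is loaded with `apparmor_parser -r` on the profile file and its enforcement state checked with `aa-status`; as the post notes, it says nothing about a second process (such as a passwordless pop server) that could hand the same mail to the confined daemon over the network.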