[cap-talk] SELinux vs. capabilities
toby.murray at comlab.ox.ac.uk
Sun Jul 29 13:01:46 EDT 2007
On Sun, 2007-07-29 at 12:16 -0400, Jonathan S. Shapiro wrote:
> However, this only goes so far. The possibility of capability transfer
> across application domain boundaries in SELinux is a significant hole in
> the architecture.
This "hole" is present in all capability systems, yes? Why, then, should
it be a problem for SELinux but not for E/Coyotos/Joe-E etc? It appears
to me that it is a problem to SELinux if and only if it's also a problem
to the latter object-capability platforms.
The usual stance is that it is, in fact, not a problem for the latter
object-cap platforms. Hence, my inference is that it's also not a
problem for SELinux.
The only way I can see that it might be a problem for SELinux is that it
gives the illusion that it might prevent such transfers, whereas the
object-cap platforms have no such pretensions.
More information about the cap-talk