linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* Re: difference between ACLs and SElinux
       [not found] <CANWArFvKbGcP_VFedyM1SGQsXKPx5Md9Ak0vxqfoCcGq9Ozruw@mail.gmail.com>
@ 2012-02-13  9:10 ` Bernd Petrovitsch
  2012-02-13 18:14   ` Casey Schaufler
  0 siblings, 1 reply; 2+ messages in thread
From: Bernd Petrovitsch @ 2012-02-13  9:10 UTC (permalink / raw)
  To: bharat dhaker; +Cc: linux-kernel, kernelnewbies

Hi!

On Mon, 2012-02-13 at 14:30 +0530, bharat dhaker wrote:
[...]
> I want to know the differences between ACLs and SElinux. Does anyone know
> which file-systems supports SElinux?

Google knows;-)

Actually you make a small partition for each filesystem and try it out.

	Bernd
-- 
Bernd Petrovitsch                  Email : bernd@petrovitsch.priv.at
                     LUGA : http://www.luga.at


^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: difference between ACLs and SElinux
  2012-02-13  9:10 ` difference between ACLs and SElinux Bernd Petrovitsch
@ 2012-02-13 18:14   ` Casey Schaufler
  0 siblings, 0 replies; 2+ messages in thread
From: Casey Schaufler @ 2012-02-13 18:14 UTC (permalink / raw)
  To: Bernd Petrovitsch
  Cc: bharat dhaker, linux-kernel, kernelnewbies, linux-security-module

On 2/13/2012 1:10 AM, Bernd Petrovitsch wrote:
> Hi!
>
> On Mon, 2012-02-13 at 14:30 +0530, bharat dhaker wrote:
> [...]
>> I want to know the differences between ACLs and SElinux.

The differences are many:

ACLs are an extension of the standard Linux Discretionary
Access Control (DAC) mechanism. SELinux is a supplemental
Mandatory Access Control (MAC) scheme.

ACLs are based on the withdrawn POSIX P1003.1e/2c DRAFT
Standard and reflects a rough consensus of the industries
Unix security experts of its day. SELinux started out as
the Flask micro-kernel security architecture.

ACLs are part of the base kernel, while SELinux is a
Linux Security Module.


>> Does anyone know
>> which file-systems supports SElinux?

It's really much more the other way around. SELinux
uses extended attributes (xattrs) and can take advantage
of any filesystem that supports them.

> Google knows;-)
>
> Actually you make a small partition for each filesystem and try it out.
>
> 	Bernd


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2012-02-13 18:14 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <CANWArFvKbGcP_VFedyM1SGQsXKPx5Md9Ak0vxqfoCcGq9Ozruw@mail.gmail.com>
2012-02-13  9:10 ` difference between ACLs and SElinux Bernd Petrovitsch
2012-02-13 18:14   ` Casey Schaufler

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).