Re: http://www.golden-gryphon.com/software/security/selinux.xhtml

To: antoine <antoine@nagafix.co.uk>
Cc: SE-Linux <selinux@tycho.nsa.gov>, debian-devel@lists.debian.org, Blaisorblade <blaisorblade@yahoo.it>, Jeff Dike <jdike@addtoit.com>
Subject: Re: http://www.golden-gryphon.com/software/security/selinux.xhtml
From: Manoj Srivastava <srivasta@debian.org (va, manoj)>
Date: Thu, 09 Jun 2005 23:33:59 -0500
Message-id: <[🔎] 871x7a96fc.fsf@glaurung.internal.golden-gryphon.com>
Mail-followup-to: antoine <antoine@nagafix.co.uk>, SE-Linux <selinux@tycho.nsa.gov>, debian-devel@lists.debian.org, Blaisorblade <blaisorblade@yahoo.it>, Jeff Dike <jdike@addtoit.com>
In-reply-to: <[🔎] 20050609232031.GU8525@lkcl.net> (Luke Kenneth Casson Leighton's message of "Fri, 10 Jun 2005 00:20:31 +0100")
References: <[🔎] 20050609192026.GM8525@lkcl.net> <[🔎] 1118356920.10190.175.camel@localhost> <[🔎] 20050609232031.GU8525@lkcl.net>

On Fri, 10 Jun 2005 00:20:31 +0100, Luke Kenneth Casson Leighton <lkcl@lkcl.net> said: 

> On Thu, Jun 09, 2005 at 11:42:00PM +0100, antoine wrote:
>> On Thu, 2005-06-09 at 20:20 +0100, Luke Kenneth Casson Leighton wrote:
>> > manoj, hi,
>> > 
>> > i am delighted to see the above web page re: selinux.
>> Err?

>  never seen it before :)

>> > 
>> > i notice you mention that there is an effort underway to make a
>> > uml-selinux.
>> > 
>> > perhaps i should mention that it is utterly trivial to set up a
>> > xen system with a guest domain running pretty much any kind of
>> > kernel - including selinux enabled ones.

>> We have been running selinux guest kernels in uml for years, that
>> was

>  _great_.

>  hm - the above page gives the impression that it hasn't been:

> 	  "There also has been an interest in creating an
> 	                                      ^^^^^^^^
> 	  SELinux UML, since it allows for rapid testing of policies,
> 	  and packages, and to observe the reaction of the machine to
> 	  threats and other stimuli. However, it has been tedious,
> 	  traditionally, to create a UML that can be run in enforcing
> 	  mode. A recipe for doing so has been created..."

------------------^^^^^^

  Recipe \Rec"i*pe\ (r[e^]s"[i^]*p[-e]), n.; pl. {Recipes}
     (r[e^]s"[i^]*p[=e]z). [L., imperative of recipere to take
     back, take in, receive. See {Receive}.]

     4. a method or procedure for accomplishing a goal by defined
        steps; -- implying a high probability of achieving the
        goal; as, a recipe for success. Also used in a negative
        sense, as, a recipe for disaster.

>> not the issue here,

>> or are you just doing xen advocacy?

>  i was under the impression, from the above, that somehow debian
>  cannot run selinux/uml.

        If it were not possible to do so, a recipe could also not have
 been created.


>  hm.  sorry about that - the above URL gives an impression other
>  than that.

        Onnly if you
  a) do not understand the meaning of the word recipe, and
  b) do not follow the link down to
     http://www.golden-gryphon.com/software/security/selinux-uml.xhtml


        manoj
-- 
Calling you stupid is an insult to stupid people! Wanda, "A Fish
Called Wanda"
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to:

References:
- http://www.golden-gryphon.com/software/security/selinux.xhtml
  - From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
- Re: http://www.golden-gryphon.com/software/security/selinux.xhtml
  - From: antoine <antoine@nagafix.co.uk>
- Re: http://www.golden-gryphon.com/software/security/selinux.xhtml
  - From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>

Prev by Date: Re: libselinux1 - required
Next by Date: Re: C++ ABI change -- freezing unstable for new C++ library packages
Previous by thread: Re: http://www.golden-gryphon.com/software/security/selinux.xhtml
Next by thread: inconsistent newlines while configuring packages?
Index(es):
- Date
- Thread