Re: http://www.golden-gryphon.com/software/security/selinux.xhtml

On Fri, 10 Jun 2005 00:20:31 +0100, Luke Kenneth Casson Leighton <lkcl@lkcl.net> said: 

> On Thu, Jun 09, 2005 at 11:42:00PM +0100, antoine wrote:
>> On Thu, 2005-06-09 at 20:20 +0100, Luke Kenneth Casson Leighton wrote:
>> > manoj, hi,
>> > 
>> > i am delighted to see the above web page re: selinux.
>> Err?

>  never seen it before :)

>> > 
>> > i notice you mention that there is an effort underway to make a
>> > uml-selinux.
>> > 
>> > perhaps i should mention that it is utterly trivial to set up a
>> > xen system with a guest domain running pretty much any kind of
>> > kernel - including selinux enabled ones.

>> We have been running selinux guest kernels in uml for years, that
>> was

>  _great_.

>  hm - the above page gives the impression that it hasn't been:

> 	  "There also has been an interest in creating an
> 	                                      ^^^^^^^^
> 	  SELinux UML, since it allows for rapid testing of policies,
> 	  and packages, and to observe the reaction of the machine to
> 	  threats and other stimuli. However, it has been tedious,
> 	  traditionally, to create a UML that can be run in enforcing
> 	  mode. A recipe for doing so has been created..."


  Recipe \Rec"i*pe\ (r[e^]s"[i^]*p[-e]), n.; pl. {Recipes}
     (r[e^]s"[i^]*p[=e]z). [L., imperative of recipere to take
     back, take in, receive. See {Receive}.]

     4. a method or procedure for accomplishing a goal by defined
        steps; -- implying a high probability of achieving the
        goal; as, a recipe for success. Also used in a negative
        sense, as, a recipe for disaster.

>> not the issue here,

>> or are you just doing xen advocacy?

>  i was under the impression, from the above, that somehow debian
>  cannot run selinux/uml.

        If it were not possible to do so, a recipe could also not have
 been created.

>  hm.  sorry about that - the above URL gives an impression other
>  than that.

        Onnly if you
  a) do not understand the meaning of the word recipe, and
  b) do not follow the link down to

Calling you stupid is an insult to stupid people! Wanda, "A Fish
Called Wanda"
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

