Re: [devel] SELinux в ядрах ALT

ALT Linux Team development discussions
 help / color / mirror / Atom feed

From: Alexey Tourbin <at@altlinux.ru>
To: ALT Linux Team development discussions <devel@lists.altlinux.org>
Subject: Re: [devel] SELinux в ядрах ALT
Date: Sun, 9 Mar 2008 09:59:09 +0300
Message-ID: <20080309065909.GA24653@solemn.turbinal> (raw)
In-Reply-To: <e12fd2db0803080900x47641afao4b0961bf33a9cbee@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 792 bytes --]

On Sat, Mar 08, 2008 at 07:00:52PM +0200, Eugene Ostapets wrote:
> Я понимаю, что многим проще распихать сетевые сервисы по отдельным
> контейнерам, а не заниматься настройкой мандатной системы
> безопасности, но...

Кстати, научный профессор DJB Бернштейн считает, что SELinux
ничего не даёт и нифига не нужен.

	I have become convinced that this "principle of least privilege"
	is fundamentally wrong. Minimizing privilege might reduce the
	damage done by some security holes but almost never fixes the
	holes. Minimizing privilege is not the same as minimizing the
	amount of trusted code, does not have the same benefits as
	minimizing the amount of trusted code, and does not move us any
	closer to a secure computer system.

http://cr.yp.to/qmail/qmailsec-20071101.pdf

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

next prev parent reply	other threads:[~2008-03-09  6:59 UTC|newest]

Thread overview: 59+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-03-08 17:00 Eugene Ostapets
2008-03-08 17:11 ` Aleksey Novodvorsky
2008-03-08 17:45   ` Eugene Ostapets
2008-03-08 17:16 ` [devel] SELinux в ядрах и userspace ALT Dmitry V. Levin
2008-03-08 17:40   ` Eugene Ostapets
2008-03-08 18:04     ` Michael Shigorin
2008-03-08 18:08       ` Eugene Ostapets
2008-03-08 19:49         ` Michael Shigorin
2008-03-08 20:14           ` Dmitry V. Levin
2008-03-10 19:46   ` Alexey I. Froloff
2008-03-10 19:50     ` Dmitry V. Levin
2008-03-10 19:51       ` Mikhail Gusarov
2008-03-10 20:16       ` Alexey I. Froloff
2008-03-10 20:20         ` Dmitry V. Levin
2008-03-10 20:29     ` Eugene Ostapets
2008-03-10 20:48       ` Alexey I. Froloff
2008-03-10 20:53         ` Eugene Ostapets
2008-03-10 21:06           ` Михаил Якушин
2008-03-10 21:09             ` Eugene Ostapets
2008-03-10 21:15               ` Михаил Якушин
2008-03-11 20:43             ` Konstantin A. Lepikhov
2008-03-12  8:00               ` Denis Medvedev
2008-03-11  5:08           ` Andrey Rahmatullin
2008-03-11  6:58             ` Eugene Ostapets
2008-03-11  7:30               ` Andrey Rahmatullin
2008-03-10 20:57         ` Led
2008-03-10 21:11           ` [devel] [JT] " Alexey I. Froloff
2008-03-10 21:16             ` Михаил Якушин
2008-03-10 21:26               ` Led
2008-03-10 21:52               ` Денис Смирнов
2008-03-10 21:51             ` Денис Смирнов
2008-03-08 17:20 ` [devel] SELinux в ядрах ALT Igor Zubkov
2008-03-08 17:43   ` Eugene Ostapets
2008-03-08 22:38   ` Anton Farygin
2008-03-08 23:00     ` Dmitry V. Levin
2008-03-09  8:02       ` Anton Farygin
2008-03-09 13:42         ` Dmitry V. Levin
2008-03-09 13:52           ` Eugene Ostapets
2008-03-09 14:07             ` Dmitry V. Levin
2008-03-09 17:35               ` Денис Смирнов
2008-03-09 17:42                 ` Eugene Ostapets
2008-03-09 18:36                   ` Dmitry V. Levin
2008-03-09 17:45                 ` Alexey Tourbin
2008-03-09 18:35                 ` Dmitry V. Levin
2008-03-10  5:35                   ` Денис Смирнов
2008-03-10  0:03                 ` Igor Zubkov
2008-03-10  0:06                   ` Igor Zubkov
2008-03-10  1:42                     ` [devel] rpm-5.0.3 Dmitry V. Levin
2008-03-10 13:48                       ` Alexander Myltsev
2008-03-10 14:57                         ` Igor Zubkov
2008-03-09 15:05           ` [devel] SELinux в ядрах ALT Anton Farygin
2008-03-08 22:41 ` Anton Farygin
2008-03-09  6:59 ` Alexey Tourbin [this message]
2008-03-09  7:17   ` Хихин Руслан
2008-03-09  8:03   ` Eugene Ostapets
2008-03-10  5:37   ` Денис Смирнов
2008-03-09 18:08 ` Михаил Якушин
2008-03-09 18:16   ` Eugene Ostapets
2008-03-10 11:53     ` Михаил Якушин

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20080309065909.GA24653@solemn.turbinal \
    --to=at@altlinux.ru \
    --cc=devel@lists.altlinux.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

ALT Linux Team development discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/devel/0 devel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 devel devel/ http://lore.altlinux.org/devel \
		devel@altlinux.org devel@altlinux.ru devel@lists.altlinux.org devel@lists.altlinux.ru devel@linux.iplabs.ru mandrake-russian@linuxteam.iplabs.ru sisyphus@linuxteam.iplabs.ru
	public-inbox-index devel

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.devel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git