[PLUG] ccs-tools and Mandriva...

Rahul Sundaram sundaram at fedoraproject.org
Wed Aug 27 13:23:19 PDT 2008


म.हा.सा.ग.र wrote:
> I saw this *ccs-tools* (also called Mandatory Access Control) and tried to 
> search deeper but could not understand much...
> 
> can anybody tell more about this in non-techie's terms...

Sure. Classic Unix permissions is called discretionary access control 
(ie) based on users, who you are logged in determines which files you 
have access to. Mandatory access control is centralized administrated 
controlled policy. Conceptually you can think of it as a internal 
firewall between programs. In DAC, root user has supreme access to 
everything. In MAC, it can be much more fine grained. To demonstrate the 
power of this, this public system has been setup with root password 
given in the website itself. You still won't be able to do much because 
the SELinux policy in the system is very strictly confined

http://www.coker.com.au/selinux/play.html

Rahul



More information about the plug-mail mailing list