[PLUG] ccs-tools and Mandriva...
sundaram at fedoraproject.org
Wed Aug 27 13:23:19 PDT 2008
> I saw this *ccs-tools* (also called Mandatory Access Control) and tried to
> search deeper but could not understand much...
> can anybody tell more about this in non-techie's terms...
Sure. Classic Unix permissions is called discretionary access control
(ie) based on users, who you are logged in determines which files you
have access to. Mandatory access control is centralized administrated
controlled policy. Conceptually you can think of it as a internal
firewall between programs. In DAC, root user has supreme access to
everything. In MAC, it can be much more fine grained. To demonstrate the
power of this, this public system has been setup with root password
given in the website itself. You still won't be able to do much because
the SELinux policy in the system is very strictly confined
More information about the plug-mail