Re: [patch 1/3] lsm: add bsdjail module

[Colin Walters]

[ Sorry for the lack of References, I'm not on this list and had to grab
the message from the web archives ]

> On Iau, 2004-10-07 at 00:26, Andrew Morton wrote:
> > I don't recall anyone requesting this feature.  Tell me why we should add
> > it to Linux?
> 
> Subject to the code cleanups and stuff you've noted I'd actually like to
> see BSD jail stuff in our security modules because it has the virtue of
> simplicity. If it can be extended to do all of vserver even better. J
> Random Admin has a good chance at configuring BSD jails etups. J Random
> Admin needs some serious tools that don't exist to set up SELinux the
> same way.
> 
> In the security world simplicity is often a virtue, both in code and
> concepts.

BSD jails are a kind of halfway point on the 
"access control <-> virtualization" sliding scale.  Certainly, using
SELinux for virtualization is not trivial, and I think that's fine; it
is not its intended purpose.  But let's be honest - using BSD jails for
strong access control ("security") has its own downsides.  For example,
now J Random Admin has N rpm/dpkg databases to manage on the same system
instead of one.  Or they have hand-rolled chroots which need their own
special treatment, scripts, etc.

In other words, BSD jails and SELinux are certainly not the same thing.
This becomes more obvious when you realize that hey - SELinux is still
useful inside a BSD jail.  Why should the cracked sendmail daemon be
able to destroy your configuration and the rest of the chroot?  You
might even want BSD jails to enforce different SELinux policies.

Attachment: signature.asc
Description: This is a digitally signed message part