So Entangled Linux … SELinux
August 31, 2006
Posted by TSAI HONG-BIN in Linux.
Lately I’ve been assigned to study SELinux and gain an in-depth understanding of this complicated stuff. So-called “pioneer” or “leading technology” directly equals “not handy”, “all you got is man” and “RTFS” (Read The Fxxking Source).
Well, the idea of MAC is not new. Its implementation is never hard, but complicated. If you have ever built a website for enterprise customers, you’ll know what I’m saying. The design of access control for web pages, modules, functions, etc. is just like the one employed in SELinux: a matrix (called an “access vector” in SELinux). What makes it feel like part of an extremely geeky world is its entanglement with the operating system.
When writing an access control module for a website, all you have to care about is database design and programming logic. What if we want to write an access control module in an operating system? Then you have to take good care of boot-up, the file system, processes, sockets… blah blah. Besides, you’ll need to hack (well, not so much hacking, but it feels like a hacker’s job) into the kernel, stuff hooks in, then wrap it up again. This is what the “Linux Security Module” does.
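The matrix and the kernel hook described above, as an added example that is not part of the original post and is not SELinux's own code. The type names, permission bits, sample policy and the function names `av_lookup` and `hook_file_permission` are all assumptions made up for illustration.

```c
/* Added illustration: a toy access-vector table and a hook that consults it.
 * All names are made up; this is not SELinux's real data structure or API. */
#include <stddef.h>
#include <string.h>

enum { PERM_READ = 1u << 0, PERM_WRITE = 1u << 1, PERM_EXEC = 1u << 2 };

struct av_rule {
    const char *source_type;  /* type of the acting process */
    const char *target_type;  /* type of the object being accessed */
    const char *object_class; /* file, socket, ... */
    unsigned allowed;         /* access vector: bitmask of permissions */
};

/* Constructed sample policy. Anything not listed is denied. */
static const struct av_rule policy[] = {
    { "webapp_t", "web_content_t", "file", PERM_READ },
    { "webapp_t", "web_log_t",     "file", PERM_READ | PERM_WRITE },
    { "backup_t", "web_content_t", "file", PERM_READ },
};

/* Look up the access vector for one cell of the matrix (0 = no rule). */
unsigned av_lookup(const char *src, const char *tgt, const char *cls)
{
    unsigned av = 0;
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++) {
        const struct av_rule *r = &policy[i];
        if (!strcmp(r->source_type, src) && !strcmp(r->target_type, tgt) &&
            !strcmp(r->object_class, cls))
            av |= r->allowed; /* rules for the same cell accumulate */
    }
    return av;
}

/* Hypothetical hook: the point where the kernel would ask the security
 * module before a file operation proceeds. Returns 0 to allow, -1 to deny.
 * Every requested permission bit must be present in the vector. */
int hook_file_permission(const char *proc_type, const char *file_type,
                         unsigned requested)
{
    unsigned av = av_lookup(proc_type, file_type, "file");
    return (requested & ~av) == 0 ? 0 : -1;
}
```

The default is deny: a process type with no matching row gets an empty vector, so any request from it fails.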
So now I have registered for the Red Hat SELinux mailing list, to absorb some “selinux pros” atmosphere…