On Tuesday, November 30, 2010 05:12:17 am John Doe wrote:
From: Les Mikesell lesmikesell@gmail.com
why are you putting blind faith in the SELinux code?
Because it comes from the NSA! The backdoor experts... ;P
Also the SCIF experts.
SCIFs are used by people other than intelligence agencies and in areas other than intelligence; HIPAA compliance, for instance. The Wikipedia article is a good read.
In other words, SELinux embodies the SCI 'need to know' paradigm in-kernel: the process's uid might have the clearance to access a piece of data, but if it doesn't have a need to access it, it shouldn't be allowed to access it. And perhaps it can access, but not modify. Perhaps it needs monitoring by other processes in order to access. Etc. SELinux gives the tools to allow the decoupling of 'cleared to know' from 'need to know.'