This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: Are there any SELinux tools available for Cygwin?
- From: Warren Young <warren at etr-usa dot com>
- To: Cygwin-L <cygwin at cygwin dot com>
- Date: Tue, 03 Jun 2014 13:20:26 -0600
- Subject: Re: Are there any SELinux tools available for Cygwin?
- Authentication-results: sourceware.org; auth=none
- References: <1401440703000-108952 dot post at n5 dot nabble dot com> <5388CD7E dot 5010800 at etr-usa dot com> <1401525653800-108975 dot post at n5 dot nabble dot com> <CAAeCd-OrJiExq2hUZ2-6RR0Nzz0GpeoVBaCgzPYEbEjykrH9nw at mail dot gmail dot com> <1401561239482-108983 dot post at n5 dot nabble dot com> <538CBD76 dot 4030903 at etr-usa dot com> <1401785919671-109064 dot post at n5 dot nabble dot com>
On 6/3/2014 02:58, PolarStorm wrote:
But it would be more interesting to hear why you think all of them are
"doomed"?
Okay.
Option 1, Cygwin supports its own flavor of SELinux, incompatible with
all others. Do I really need to tell you why this is a bad idea?
Option 2, Cygwin picks one of the three preexisting flavors to emulate.
Most likely reason to fail: Windows's MAC system -- such as it is --
doesn't work even vaguely like SELinux, so Cygwin cannot emulate SELinux
in terms of Windows kernel mechanisms. The best it could do is provide
a soft emulation that only works among programs based on Cygwin, and
then only to the extent that they play by the rules and make all their
I/O calls via cygwin1.dll. As soon as they bypass the Cygwin DLL, the
benefits of SELinux go away. You do know what the M in MAC stands for,
right? It'd be like using velvet ropes to fence off a preschool playground.
Option 3, emulate all preexisting SELinux flavors. Most likely reason
to fail: Take Option 2 and multiply it by 3. Then ask yourself who will
do all that low-value work.
Thanks for taking the time to give a proper answer, I very much appreciate
it.
My first post was a proper answer. It gave you a perfectly legitimate
solution to the problem. The fact that you didn't *like* the answer
does not rob it of legitimacy.
One of the biggest mistakes people make when asking for help is
specifying the solution in advance.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple