This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Are there any SELinux tools available for Cygwin?

On 6/3/2014 02:58, PolarStorm wrote:

But it would be more interesting to hear why you think all of them are


Option 1, Cygwin supports its own flavor of SELinux, incompatible with all others. Do I really need to tell you why this is a bad idea?

Option 2, Cygwin picks one of the three preexisting flavors to emulate. Most likely reason to fail: Windows's MAC system -- such as it is -- doesn't work even vaguely like SELinux, so Cygwin cannot emulate SELinux in terms of Windows kernel mechanisms. The best it could do is provide a soft emulation that only works among programs based on Cygwin, and then only to the extent that they play by the rules and make all their I/O calls via cygwin1.dll. As soon as they bypass the Cygwin DLL, the benefits of SELinux go away. You do know what the M in MAC stands for, right? It'd be like using velvet ropes to fence off a preschool playground.

Option 3, emulate all preexisting SELinux flavors. Most likely reason to fail: Take Option 2 and multiply it by 3. Then ask yourself who will do all that low-value work.

Thanks for taking the time to give a proper answer, I very much appreciate

My first post was a proper answer. It gave you a perfectly legitimate solution to the problem. The fact that you didn't *like* the answer does not rob it of legitimacy.

One of the biggest mistakes people make when asking for help is specifying the solution in advance.

Problem reports:
Unsubscribe info:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]