This is the mail archive of the
mailing list for the Cygwin project.
Re: Are there any SELinux tools available for Cygwin?
- From: Warren Young <warren at etr-usa dot com>
- To: Cygwin-L <cygwin at cygwin dot com>
- Date: Tue, 03 Jun 2014 13:20:26 -0600
- Subject: Re: Are there any SELinux tools available for Cygwin?
- Authentication-results: sourceware.org; auth=none
- References: <1401440703000-108952 dot post at n5 dot nabble dot com> <5388CD7E dot 5010800 at etr-usa dot com> <1401525653800-108975 dot post at n5 dot nabble dot com> <CAAeCd-OrJiExq2hUZ2-6RR0Nzz0GpeoVBaCgzPYEbEjykrH9nw at mail dot gmail dot com> <1401561239482-108983 dot post at n5 dot nabble dot com> <538CBD76 dot 4030903 at etr-usa dot com> <1401785919671-109064 dot post at n5 dot nabble dot com>
On 6/3/2014 02:58, PolarStorm wrote:
But it would be more interesting to hear why you think all of them are
Option 1, Cygwin supports its own flavor of SELinux, incompatible with
all others. Do I really need to tell you why this is a bad idea?
Option 2, Cygwin picks one of the three preexisting flavors to emulate.
Most likely reason to fail: Windows's MAC system -- such as it is --
doesn't work even vaguely like SELinux, so Cygwin cannot emulate SELinux
in terms of Windows kernel mechanisms. The best it could do is provide
a soft emulation that only works among programs based on Cygwin, and
then only to the extent that they play by the rules and make all their
I/O calls via cygwin1.dll. As soon as they bypass the Cygwin DLL, the
benefits of SELinux go away. You do know what the M in MAC stands for,
right? It'd be like using velvet ropes to fence off a preschool playground.
Option 3, emulate all preexisting SELinux flavors. Most likely reason
to fail: Take Option 2 and multiply it by 3. Then ask yourself who will
do all that low-value work.
Thanks for taking the time to give a proper answer, I very much appreciate
My first post was a proper answer. It gave you a perfectly legitimate
solution to the problem. The fact that you didn't *like* the answer
does not rob it of legitimacy.
One of the biggest mistakes people make when asking for help is
specifying the solution in advance.
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple