Novell Acquires SELinux Alternative Immunix
G Money writes "Novell announced today that they acquired Immunix, a company that produces an alternative mandatory access control solution to SELinux using the LSM. For anyone who hasn't used both Immunix and SELinux, the difference between configuring them is like night and day. There's even a YaST module for configuration. (Disclaimer: I'm on the Defcon Immunix CTF team.)"
OT, But... (Score:2, Insightful)
Re:OT, But... (Score:2)
There are many alternatives to SELinux (Score:5, Interesting)
What will likely transpire, over time, is that all of the different solutions solve a narrow set of problems very well, but other problems poorly. That is normal and nothing to be ashamed of. What will likely happen then is that ideas will be taken from all of them to form some hybrid that works well in all arenas.
This is perfectly normal in the Unix world. System V, BSD and other Unix-like kernels have done this for decades, because it is a very efficient way to build products.
The downside, for now, is that users may become confused by the range of options. So long as the defaults are sensible and the details as transparent as the user needs them, it shouldn't matter. That depends on how well Novell are in tune with Linux versus being different for the sake of having a conversation piece.
Good Thing? (Score:5, Insightful)
A good thing is where your life becomes sweeter, funnier, easier or more pleasant in some way. Having two approaches to MAC pushed by the two leading Linux vendors makes my life (or the part I spend as a sysadmin) harder fer cryin' out loud!
What is it with Unix-like operating systems and non-primitive access control? Every Unix flavor adopted different approaches to "Red Book" security in the 1980s on top of the barely-adequate-for-academic-use Unix permissions model. Those that survived have never standardized in all those years. I really hate to see Red Hat and SuSE continue on that well-worn path. And before you say Open Source is different in this regard, take a look at the competing desktops. It's roughly 10 years that both major projects have been pursuing separate paths. And freedesktop.org proves the point. They are expending an awful lot of effort to bridge the gap those competing projects dug between themselves.
Competing approaches are fine for research into the best way to get things done. They are also a spur to development of different approaches. But MAC is not new computer science that needs researching. And choice is often actually the enemy in a production business computing environment.
Bah!
Re:Good Thing? (Score:5, Interesting)
As for MAC, not even hearing of this thing before today, I'm going to side with Novell. SELinux was developed at the NSA as a research project. While I'm not saying that security is the opposite of usability, it is fair to say that an NSA research project is about as far detached from the requirements of reality as you can get. Novell, Netware, NDS, NSS, they have forgotten more about security and the real world - the real business world, than RedHat knows. Novell could have taken SELinux for free, NDS-ized it, iManaged-ized it, YaST-ized it and made it distinct from any RH offering. But they went out of their way to buy a system that competes with SELinux. Either it is significantly better today, or it will more easily be N-ized tomorrow, so it will be radically better next year.
Re:Good Thing? (Score:1)
The problem seems to be that Novell are unable or unwilling to make a decision regarding KDE or Gnome. While Gnome is regarded as a more enterprise solution (not many things to tweak is good in that environment), KDE shows amazing progress between point versions. Even though they say they support both, that is not correct. For example, by default, NLD9 comes with the red carpet applet in Gnome but not in KDE. Firefox and Evolution are completely GNOMEified - tha
Re:Good Thing? (Score:1)
The problem seems to be that Novell are unable or unwilling to make a decision regarding KDE or Gnome.
So am I.
What I don't see is why this is a problem. In my mind, the problem is that they are trying to decide at all. I suspect that the real problem is that the Ximian folks are having too much input into Novell's Linux operations (if not all operations) in general. (It might explain some of the recent rash of Novell departures as well.)
There are go
Re:Good Thing? (Score:2)
What about other people's lives?
Re:Good Thing? (Score:2)
Re:Good Thing? (Score:2)
A picture might be worth a thousand words (Score:2)
And since the framework consists
Re:A picture might be worth a thousand words (Score:3, Informative)
The user then runs the program. The system determines that this is legit. The program then tries to set the date. The system checks to see if the program is authorized (in this case, it is) and if the user is also authorized (again true in this case). The system then allows the transa
Frontend? (Score:5, Insightful)
Immunix (Score:2)
Also the point about configuration is not that important in my mind. With SELinux the vendor is supposed to provide the policy so that everything works out of the box. When properly implemented, all your services will benefit from the MAC protection without you even noticing it. Once SELinux is sufficiently integrated into a distri
Re:Immunix (Score:2, Insightful)
Red Hat is the market leader (within this niche). Were Novell/SuSE just the same as Red Hat, why would anyone choose them?
It is not only that Novell wants to be different, it is that they *need* to be different.
Re:Immunix (Score:2)
Re:Immunix (Score:1)
Yes, but this is much more about "perception" than about "reality". While it is true that any unix vendor tried to differentiate themselves in order to gain market opportunity and that was called "The Unix Wars", it is even truer that Microsoft was always much much more different to any one of those than any two others, and Microsoft made tons of money out of those dif
Re:Immunix (Score:2)
Once upon a time ...
Story meanings depend in complicated ways on both the teller and listener. But briefly, from my point of view, there was a time in the late 1980s when it looked like Unix workstation vendors might reach down into the commodity PC market and seriously challenge Microsoft for dominance there. Intel CPUs were getting faster and more capable, and it was thought that Unix would soon be viable running on cheap commodity PC
Re:Immunix (Score:1)
Yeah, I know your version of the story (which is the "usual one"), and that's exactly what I was challenging.
You say "...there was a time in the late 1980s when it looked like Unix workstation vendors might reach down into the commodity PC market and seriously challenge Microsoft for dominance there"
And I say there's no such thing as "The Unix Vendors": there exists SCO, and HP, and Sun, and Microsoft, and IBM, and a lot of others wanting to make themselves millionaires. And that's the p
SELinux importance to the average user: (Score:1)
Okay, so maybe that can be taken to mean it ain't working at all so after a couple intrusive checks later tonight, if I find it still working and doing its thing properly, then I'll just ignore this whole thing. Nice that Novell is taking security
Uh oh (Score:2)