Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Novell Linux Business Security Software Linux

Novell Acquires SELinux Alternative Immunix 24

Posted by timothy from the lockdown dept.
G Money writes "Novell announced today that they acquired Immunix, a company the produces an alternative mandatory access control solution to SELinux using the LSM. For anyone who hasn't used both Immunix and SELinux, the difference between configuring them is like night and day. There's even a YaST module for configuration. (Disclaimer: I'm on the Defcon Immunix CTF team.)"
This discussion has been archived. No new comments can be posted.

Novell Acquires SELinux Alternative Immunix More

Novell Acquires SELinux Alternative Immunix

Comments Filter:

  • OT, But... (Score:2, Insightful)

    by poopdeville ( 841677 )
    This was posted more than 20 minutes ago. Looks like nobody cares!

  • There are many alternatives to SELinux (Score:5, Interesting)

    by jd ( 1658 ) <imipak@ y a hoo.com> on Tuesday May 10, 2005 @09:51PM (#12494820) Homepage Journal
    And that is a Good Thing. It is also good that at least one such alternative is now getting the backing of a major vendor.


    What will likely transpire, over time, is that all of the different solutions solve a narrow set of problems very well, but other problems poorly. That is normal and nothing to be ashamed of. What will likely happen then is that ideas will be taken from all of them to form some hybrid that works well in all arenas.


    This is perfectly normal in the Unix world. System V, BSD and other Unix-like kernels have done this for decades, because it is a very efficient way to build products.


    The downside, for now, is that users may become confused by the range of options. So long as the defaults are sensible and the details as transparent as the user needs them, it shouldn't matter. That depends on how well Novell are in tune with Linux versus being different for the sake of having a conversation piece.

    • Good Thing? (Score:5, Insightful)

      by hbo ( 62590 ) * on Tuesday May 10, 2005 @10:20PM (#12494962) Homepage
      And that is a Good Thing.

      A good thing is where your life becomes sweeter, funnier, easier or more pleasant in some way. Having two approaches to MAC pushed by the two leading Linux vendors makes my life (or the part I spend as a sysadmin) harder fer cryin' out loud!

      What is it with Unix-like operating systems and non-primitive access control? Every Unix flavor adopted different approaches to "Red Book" security in the 1980s on top of the barely-adequate-for-academic-use Unix permissions model. Those that survived have never standardized in all those years. I really hate to see Red Hat and SuSE continue on that well-worn path. And before you say Open Source is different in this regard, take a look at the competing desktops. It's roughly 10 years that both major projects have been pursuing seperate paths. And freedesktop.org proves the point. They are expending an awful lot of effort to bridge the gap those competing projects dug between themselves.

      Competing approaches are fine for research into the best way to get things done. They are also a spur to development of different approaches. But MAC is not new computer science that needs researching. And choice is often actually the enemy in a production business computing environment.

      Bah!

      • Re:Good Thing? (Score:5, Interesting)

        by T-Ranger ( 10520 ) <jeffw@cheMENCKENbucto.ns.ca minus author> on Wednesday May 11, 2005 @03:30AM (#12496646) Homepage
        While SuSE was a big developer/user/promoter of KDE, Ximian was the single biggest developer/user/promoter of Gnome. Currently, it seems that Novell has decided they are both wrong, and is going with Mono. Sadly, I am only half joking.

        As for MAC, not even hearing of this thing before today, Im going to side with Novell. SELinux was developed at the NSA as a research project. While Im not saying that security is the opposite of usability, it is fair to say that a NSA research project is about as far detached from the requirements of reality as you can get. Novell, Netware, NDS, NSS, they have forgotten more about security and the real world - the real business world, then RedHat knows. Novell could taken SELinux for free, NDS-ized it, iManaged-ized it, YaST-ized it and made it distinct from any RH offering. But they went out of their way to buy a system that compeats with SELinux. Either it is significantly better today, or it will more easily be N-ized tomorrow, so it will be radically better next year.

        • Re:Good Thing? (Score:1)

          by Anonymous Coward
          I'm a Novell partner selling Linux solutions.

          The problem seems to be that Novell are unable or unwilling to make a decision regarding KDE or Gnome. While Gnome is regarded as a more enterprise solution (not many things to tweak is good in that environment), KDE shows amazing progress between point versions. Even though they say they support both, that is not correct. For example, by default, NLD9 comes with the red carpet applet in Gnome but not in KDE. Firefox and Evolution are completely GNOMEified - tha

          • I'm a Novell partner selling Linux solutions.

            The problem seems to be that Novell are unable or unwilling to make a decision regarding KDE or Gnome.

            So am I.

            What I don't see is why this is a problem. In my mind, the problem is that they are trying to decide at all. I suspect that the real problem is that the Ximian folks are having too much input into Novell's Linux operations (if not all operations) in general. (It might explain some of the recent rash of Novell departures as well.)

            There are go
      • A good thing is where your life becomes sweeter, funnier, easier or more pleasant in some way.

        What about other people's lives?

        • If your life get's sweeter, simpler etc. as a result of ths change, then you are entitled not to bitch about it. 8)
          • Hmm, but that doesn't work in all cases. For example, what if you were in line a get inheritance from your rich uncle, and so you killed him, got the money, and managed to not get caught. That's all fine and dandy for you, but it's obviously not very nice for him... Of course, most people would do the ethical thing and *not* kill him. But this is getting silly now ;)
  • Is there a screenshot anywhere of the YaST module used for configuration? I read the LSM pages and I think I have an idea of what it does but not how to manage it. Are the access control models applied to processes themselves or to the accounts running the processes? So if I wanted to allow the system user to change the time would I configure the date program to be able to do this or the user account in which case he could use any program which could change the system clock.

    And since the framework consists
    • My (limited) understanding is that you set up an association. So, in your case, you'd want the user to have access to the date program AND the system clock, and the date program itself to also have access to the system clock.

      The user then runs the program. The system determines that this is legit. The program then tries to set the date. The system checks to see if the program is authorized (in this case, it is) and if the user is also authorized (again true in this case). The system then allows the transa

  • Frontend? (Score:5, Insightful)

    by ultrabot ( 200914 ) on Wednesday May 11, 2005 @04:48AM (#12496910)
    Is the difference in configuration due to a better front end in Immunix, or some more fundamental flaw in SELinux? What's wrong with SELinux, and why can't it be fixed instead?
  • Is Immunix open source? If it is not, I'd rather learn an open system like SELinux that I can use on any distribution rather than tying my skillset to something Novell specific.

    Also the point about configuration is not that important in my mind. With SELinux the vendor is supposed to provide the policy so that everything works out of the box. When properly implemented, all your services will benefit from the MAC protection without you even noticing it. Once SELinux is sufficiently integrated into an distri

    • Re:Immunix (Score:2, Insightful)

      by turbidostato ( 878842 )
      "I hope they're not going down this road just to be different from Red Hat."

      Red Hat is market leader (within this niche). Were Novell/SuSE just the same as Red Hat why anyone would choose them?

      It is not only that Novell wants to be different, it is that they *need* to be different.
      • Sadly, I think you are right about that. Although I think Novell/SuSE is well enough differentiated through their approach to usability. The problem I see with this is, it's the same thinking that drove the Unix vendors to implement dozens of solutions for every single problem, each in the name of "adding value to" or "differentiating" their offering from all the others. This led famously to balkanization of the technical computing market, and ultimate failure in the battle with Microsoft for domination of
        • "The problem I see with this is, it's the same thinking that drove the Unix vendors to implement dozens of solutions for every single problem"

          Yes, but this is much more about "perception" than about "reality". While it is true that any unix vendor tried to diferenciate themselves in order to gain market oportunity and that was called "The Unix Wars", it is even truer that Microsoft was always much much more different to anyone of those than any two others, and Microsoft made tons of money out of those dif
          • "The question is, can you tell me again what exactly the story is?"

            Once upon a time ...

            Story meanings depend in complicated ways on both the teller and listener. But briefly, from my point of view, there was a time in the late 1980s when it looked like Unix workstation vendors might reach down into the commodity PC market and seriously challenge Microsoft for dominance there. Intel CPUs were getting faster and more capable, and it was thought that Unix would soon be viable running on cheap commodity PC

            • "Once upon a time ..."

              Yeah, I know your version of the story (which is the "usual one"), and that's exactly what I was challenging.

              You say "...there was a time in the late 1980s when it looked like Unix workstation vendors might reach down into the commodity PC market and seriously challenge Microsoft for dominance there"

              And I say there's nothing as "The Unix Vendors": there exists SCO, and HP, and Sun, and Microsoft, and IBM, and a lot of others wanting to make themselves millionaires. And that's the p
  • ...not much. Two boxes running FC3 wit SEL, and neither one has caused me to do any SEL-specific twiddling during any of my configurations, updates, etc. if SEL is doing anything at all for my machines, it's not making itself obtrusive enough to even notice it.

    Okay, so maybe that can be taken to mean it ain't working at all so after a couple intrusive checks later tonight, if I find it still working and doing its thing properly, then I'll just ignore this whole thing. Nice that Novell is taking security

  • Uh oh (Score:2)

    by rsax ( 603351 )
    What does this mean for Novell software running on Red Hat Enterprise Linux? Right now they only support GroupWise and eDirectory if you are using RHEL 3 or 2.1 because RHEL4 has SELinux and Novell hasn't figured out a way to officially support their products on that platform. This was directly from a Novell support representative. Now if they are not choosing SELinux at all for SUSE then how long before they totally ditch RHEL as a supported option for eDirectory, GroupWise or any of their other software?

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close