X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:from:mime-version:to:subject :references:in-reply-to:content-type:content-transfer-encoding; q=dns; s=default; b=cQLfLQZ3zEUqAcj8pid0jbDsAdD5PT0jkfnUG/QoGRR ZtphWlsUc95P184fjDeORYaGSwNL3nIFDiv/Jshtt2hyEK+6c5B8/z4pzf6a0k5q nhl4c4HtC2WQM6oZqloGEwWUeX58KOq5GKCJd3tr9vC5VaKf+CPKoDjVvq0KXQCw = DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:message-id:date:from:mime-version:to:subject :references:in-reply-to:content-type:content-transfer-encoding; s=default; bh=bpiB2TaUQenFpRwiB3j3f7GyiKc=; b=KDXNWrOZB9ar61Trq cC+bTZltWfdmxAc9uBwvZMMXgJ2EEyQSc0/FG47dKTJmfvVSox8WpL8U/Dgdk0H7 efluB/Z8lHbiJoFF8HrfbW/9fGhJdclSSL2GKd82demGCvzK+w4qL+2FDAbXlJal AiZWiSAcZvvXBIvWLzHmbe6dm8= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-0.5 required=5.0 tests=AWL,BAYES_50,RP_MATCHES_RCVD autolearn=ham version=3.3.2 X-HELO: etr-usa.com Message-ID: <538E1FFA.4080204@etr-usa.com> Date: Tue, 03 Jun 2014 13:20:26 -0600 From: Warren Young User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 MIME-Version: 1.0 To: Cygwin-L Subject: Re: Are there any SELinux tools available for Cygwin? References: <1401440703000-108952 DOT post AT n5 DOT nabble DOT com> <5388CD7E DOT 5010800 AT etr-usa DOT com> <1401525653800-108975 DOT post AT n5 DOT nabble DOT com> <1401561239482-108983 DOT post AT n5 DOT nabble DOT com> <538CBD76 DOT 4030903 AT etr-usa DOT com> <1401785919671-109064 DOT post AT n5 DOT nabble DOT com> In-Reply-To: <1401785919671-109064.post@n5.nabble.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-IsSubscribed: yes On 6/3/2014 02:58, PolarStorm wrote: > > But it would be more interesting to hear why you think all of them are > "doomed"? Okay. Option 1, Cygwin supports its own flavor of SELinux, incompatible with all others. Do I really need to tell you why this is a bad idea? Option 2, Cygwin picks one of the three preexisting flavors to emulate. Most likely reason to fail: Windows's MAC system -- such as it is -- doesn't work even vaguely like SELinux, so Cygwin cannot emulate SELinux in terms of Windows kernel mechanisms. The best it could do is provide a soft emulation that only works among programs based on Cygwin, and then only to the extent that they play by the rules and make all their I/O calls via cygwin1.dll. As soon as they bypass the Cygwin DLL, the benefits of SELinux go away. You do know what the M in MAC stands for, right? It'd be like using velvet ropes to fence off a preschool playground. Option 3, emulate all preexisting SELinux flavors. Most likely reason to fail: Take Option 2 and multiply it by 3. Then ask yourself who will do all that low-value work. > Thanks for taking the time to give a proper answer, I very much appreciate > it. My first post was a proper answer. It gave you a perfectly legitimate solution to the problem. The fact that you didn't *like* the answer does not rob it of legitimacy. One of the biggest mistakes people make when asking for help is specifying the solution in advance. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple