Novell Acquires SELinux Alternative Immunix

G Money writes "Novell announced today that they acquired Immunix, a company the produces an alternative mandatory access control solution to SELinux using the LSM. For anyone who hasn't used both Immunix and SELinux, the difference between configuring them is like night and day. There's even a YaST module for configuration. (Disclaimer: I'm on the Defcon Immunix CTF team.)"

There are many alternatives to SELinux

[jd]

And that is a Good Thing. It is also good that at least one such alternative is now getting the backing of a major vendor.

What will likely transpire, over time, is that all of the different solutions solve a narrow set of problems very well, but other problems poorly. That is normal and nothing to be ashamed of. What will likely happen then is that ideas will be taken from all of them to form some hybrid that works well in all arenas.

This is perfectly normal in the Unix world. System V, BSD and other Unix-like kernels have done this for decades, because it is a very efficient way to build products.

The downside, for now, is that users may become confused by the range of options. So long as the defaults are sensible and the details as transparent as the user needs them, it shouldn't matter. That depends on how well Novell are in tune with Linux versus being different for the sake of having a conversation piece.

Good Thing?

[hbo]

And that is a Good Thing.

A good thing is where your life becomes sweeter, funnier, easier or more pleasant in some way. Having two approaches to MAC pushed by the two leading Linux vendors makes my life (or the part I spend as a sysadmin) harder fer cryin' out loud!

What is it with Unix-like operating systems and non-primitive access control? Every Unix flavor adopted different approaches to "Red Book" security in the 1980s on top of the barely-adequate-for-academic-use Unix permissions model. Those that survived have never standardized in all those years. I really hate to see Red Hat and SuSE continue on that well-worn path. And before you say Open Source is different in this regard, take a look at the competing desktops. It's roughly 10 years that both major projects have been pursuing seperate paths. And freedesktop.org proves the point. They are expending an awful lot of effort to bridge the gap those competing projects dug between themselves.

Competing approaches are fine for research into the best way to get things done. They are also a spur to development of different approaches. But MAC is not new computer science that needs researching. And choice is often actually the enemy in a production business computing environment.

Bah!

Re:Good Thing?

[T-Ranger]

While SuSE was a big developer/user/promoter of KDE, Ximian was the single biggest developer/user/promoter of Gnome. Currently, it seems that Novell has decided they are both wrong, and is going with Mono. Sadly, I am only half joking.

As for MAC, not even hearing of this thing before today, Im going to side with Novell. SELinux was developed at the NSA as a research project. While Im not saying that security is the opposite of usability, it is fair to say that a NSA research project is about as far detached from the requirements of reality as you can get. Novell, Netware, NDS, NSS, they have forgotten more about security and the real world - the real business world, then RedHat knows. Novell could taken SELinux for free, NDS-ized it, iManaged-ized it, YaST-ized it and made it distinct from any RH offering. But they went out of their way to buy a system that compeats with SELinux. Either it is significantly better today, or it will more easily be N-ized tomorrow, so it will be radically better next year.

Frontend?

[ultrabot]

Is the difference in configuration due to a better front end in Immunix, or some more fundamental flaw in SELinux? What's wrong with SELinux, and why can't it be fixed instead?