Re: Are there any SELinux tools available for Cygwin?

[Warren Young <warren at etr-usa dot com>]

On 6/3/2014 02:58, PolarStorm wrote:
> But it would be more interesting to hear why you think all of them are
> "doomed"?

Okay.

Option 1, Cygwin supports its own flavor of SELinux, incompatible with 
all others.  Do I really need to tell you why this is a bad idea?

Option 2, Cygwin picks one of the three preexisting flavors to emulate. 
 Most likely reason to fail: Windows's MAC system -- such as it is -- 
doesn't work even vaguely like SELinux, so Cygwin cannot emulate SELinux 
in terms of Windows kernel mechanisms.  The best it could do is provide 
a soft emulation that only works among programs based on Cygwin, and 
then only to the extent that they play by the rules and make all their 
I/O calls via cygwin1.dll.  As soon as they bypass the Cygwin DLL, the 
benefits of SELinux go away.  You do know what the M in MAC stands for, 
right?  It'd be like using velvet ropes to fence off a preschool playground.

Option 3, emulate all preexisting SELinux flavors.  Most likely reason 
to fail: Take Option 2 and multiply it by 3.  Then ask yourself who will 
do all that low-value work.

> Thanks for taking the time to give a proper answer, I very much appreciate
> it.

My first post was a proper answer.  It gave you a perfectly legitimate 
solution to the problem.  The fact that you didn't *like* the answer 
does not rob it of legitimacy.

One of the biggest mistakes people make when asking for help is 
specifying the solution in advance.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple