1 |
Ok, someone pointed out another ACL implementation to me today
|
2 |
http://acl.bestbits.at
|
3 |
|
4 |
those are POSIX acl's. my worry is that this is only for filesystems, we'd
|
5 |
need another package to handle network acl's.
|
6 |
|
7 |
does anyone have experience with this particular acl implementation? please
|
8 |
repond back to the list with your details about the usefullness, stability,
|
9 |
etc of it.
|
10 |
|
11 |
Thanks
|
12 |
|
13 |
|
14 |
|
15 |
Joshua Brindle
|
16 |
|
17 |
>>> Joshua Brindle <method@g.o> 03/22/03 01:49AM >>> |
18 |
While we are pretty much set to use selinux for our MAC implementation we
|
19 |
still need a lighter weight, less intrusive ACL implementation.
|
20 |
|
21 |
natey has worked on systrace some, and we have a couple guys interested
|
22 |
in grsecurity.
|
23 |
|
24 |
The problem is that we have limited resources and should really focus on having
|
25 |
1 really good ACL implementation (by this i mean concentrating on writing policies,
|
26 |
maintaining, documenting and recommending a particular implementation.) this does
|
27 |
_not_ prohibit any number of acl systems being available in portage, but resources
|
28 |
mandate that we persue only one as a full blown subproject. The question is
|
29 |
which one. i was somewhat excited about systrace due to it's usability before i found
|
30 |
out that it is not possible to apply system wide acl's with it. grsecurity can do this
|
31 |
but isn't nearly as easy. are there others? does anyone have experience with
|
32 |
any particular implementation, and have opinions on how easy to use, effective
|
33 |
and stable please share that information.
|
34 |
|
35 |
note: please, please, for the sake of all the people on this list don't reply
|
36 |
if you don't have experience with acl implementations or just want to
|
37 |
hear yourself talk, it doesn't help anything. Thanks everyone
|
38 |
|
39 |
Cheers
|
40 |
|
41 |
Joshua Brindle |