On 09/04/2013 01:29 AM, Sven Vermeulen wrote:
> out of the blue

No! No more will be implemented "out of the blue" until he is well rested!

I would try SMACK because it uses xattrs to store labels, like selinux
and the new pax flags. It might be something we could roll in with what
we do now. I would prefer the pax flags model (labelling from within
an ebuild on an ad hoc basis) rather than selinux's model which is to
have a new category in portage for the policies. I'm not familiar with
SMACK so this may not be easy/possible. Also, I think rsbac, selinux
and SMACK are all going to be mutually exclusive.

Finally, kensington has apparmor, but I don't know the state of its
implementation.

If we continue with mutually exclusive security models (or more like
partially mutually exclusive) we'll need documentation on what the pros
and cons are of each. Someone could start there with the wiki.

--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197