Gentoo Archives: gentoo-hardened

From: "Anthony G. Basile" <basile@××××××××××××××.edu>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] Any help needed ?
Date: Wed, 04 Sep 2013 11:55:33
Message-Id: 52271FB3.8050408@opensource.dyc.edu
In Reply to: Re: [gentoo-hardened] Any help needed ? by Sven Vermeulen
On 09/04/2013 01:29 AM, Sven Vermeulen wrote:
> out of the blue

No! No more will be implemented "out of the blue" until he is well rested!

I would try SMACK because it uses xattrs to store labels, like selinux
and the new pax flags. It might be something we could roll in with what
we do now. I would prefer the pax flags model (labelling from within
an ebuild on an ad hoc basis) rather than selinux's model which is to
have a new category in portage for the policies. I'm not familiar with
SMACK so this may not be easy/possible. Also, I think rsbac, selinux
and SMACK are all going to be mutually exclusive.

Finally, kensington has apparmor, but I don't know the state of its
implementation.

If we continue with mutually exclusive security models (or more like
partially mutually exclusive) we'll need documentation on what the pros
and cons are of each. Someone could start there with the wiki.


--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197