| 1 |
On Tue, Mar 18, 2003 at 03:03:05AM -0500, Matt Rickard wrote: |
| 2 |
> I'm curious as to what the rest of you feel regarding using either GRSec |
| 3 |
> or SELinux? They both seem similar in their goals and their features. |
| 4 |
> |
| 5 |
> I really like the chroot restrictions GRSec offers -- does SELinux provide |
| 6 |
> similar functionality? Chrooted daemons plus these restrictions provides |
| 7 |
> for very secure services. |
| 8 |
|
| 9 |
When we talk about Mandatory Access Control, SELinux is much more advanced |
| 10 |
than GRSecurity. IIRC GRSecurity uses a process-based, single select (not |
| 11 |
very flexible) MAC implementation. SELinux is much more flexible (but also |
| 12 |
more difficult). SELinux has policy-driven control over: |
| 13 |
- Processes |
| 14 |
- Files |
| 15 |
- Sockets |
| 16 |
|
| 17 |
However, GRSecurity has other patches that aren't included in SELinux, maybe |
| 18 |
because SELinux is developed with MAC in mind, and GRSecurity more with the |
| 19 |
OpenBSD kernel in mind... |
| 20 |
|
| 21 |
Well, that's what I've heard of it :) |
| 22 |
|
| 23 |
Wkr, |
| 24 |
Sven Vermeulen |
| 25 |
-- |
| 26 |
Fighting for peace is like fucking for virginity. |
Archives