| 1 |
While we are pretty much set to use selinux for our MAC implementation we
|
| 2 |
still need a lighter weight, less intrusive ACL implementation.
|
| 3 |
|
| 4 |
natey has worked on systrace some, and we have a couple guys interested
|
| 5 |
in grsecurity.
|
| 6 |
|
| 7 |
The problem is that we have limited resources and should really focus on having
|
| 8 |
1 really good ACL implementation (by this i mean concentrating on writing policies,
|
| 9 |
maintaining, documenting and recommending a particular implementation.) this does
|
| 10 |
_not_ prohibit any number of acl systems being available in portage, but resources
|
| 11 |
mandate that we persue only one as a full blown subproject. The question is
|
| 12 |
which one. i was somewhat excited about systrace due to it's usability before i found
|
| 13 |
out that it is not possible to apply system wide acl's with it. grsecurity can do this
|
| 14 |
but isn't nearly as easy. are there others? does anyone have experience with
|
| 15 |
any particular implementation, and have opinions on how easy to use, effective
|
| 16 |
and stable please share that information.
|
| 17 |
|
| 18 |
note: please, please, for the sake of all the people on this list don't reply
|
| 19 |
if you don't have experience with acl implementations or just want to
|
| 20 |
hear yourself talk, it doesn't help anything. Thanks everyone
|
| 21 |
|
| 22 |
Cheers
|
| 23 |
|
| 24 |
Joshua Brindle |
Archives