1 |
While we are pretty much set to use selinux for our MAC implementation we
|
2 |
still need a lighter weight, less intrusive ACL implementation.
|
3 |
|
4 |
natey has worked on systrace some, and we have a couple guys interested
|
5 |
in grsecurity.
|
6 |
|
7 |
The problem is that we have limited resources and should really focus on having
|
8 |
1 really good ACL implementation (by this i mean concentrating on writing policies,
|
9 |
maintaining, documenting and recommending a particular implementation.) this does
|
10 |
_not_ prohibit any number of acl systems being available in portage, but resources
|
11 |
mandate that we persue only one as a full blown subproject. The question is
|
12 |
which one. i was somewhat excited about systrace due to it's usability before i found
|
13 |
out that it is not possible to apply system wide acl's with it. grsecurity can do this
|
14 |
but isn't nearly as easy. are there others? does anyone have experience with
|
15 |
any particular implementation, and have opinions on how easy to use, effective
|
16 |
and stable please share that information.
|
17 |
|
18 |
note: please, please, for the sake of all the people on this list don't reply
|
19 |
if you don't have experience with acl implementations or just want to
|
20 |
hear yourself talk, it doesn't help anything. Thanks everyone
|
21 |
|
22 |
Cheers
|
23 |
|
24 |
Joshua Brindle |