| 1 |
Ok, someone pointed out another ACL implementation to me today
|
| 2 |
http://acl.bestbits.at
|
| 3 |
|
| 4 |
those are POSIX acl's. my worry is that this is only for filesystems, we'd
|
| 5 |
need another package to handle network acl's.
|
| 6 |
|
| 7 |
does anyone have experience with this particular acl implementation? please
|
| 8 |
repond back to the list with your details about the usefullness, stability,
|
| 9 |
etc of it.
|
| 10 |
|
| 11 |
Thanks
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
Joshua Brindle
|
| 16 |
|
| 17 |
>>> Joshua Brindle <method@g.o> 03/22/03 01:49AM >>> |
| 18 |
While we are pretty much set to use selinux for our MAC implementation we
|
| 19 |
still need a lighter weight, less intrusive ACL implementation.
|
| 20 |
|
| 21 |
natey has worked on systrace some, and we have a couple guys interested
|
| 22 |
in grsecurity.
|
| 23 |
|
| 24 |
The problem is that we have limited resources and should really focus on having
|
| 25 |
1 really good ACL implementation (by this i mean concentrating on writing policies,
|
| 26 |
maintaining, documenting and recommending a particular implementation.) this does
|
| 27 |
_not_ prohibit any number of acl systems being available in portage, but resources
|
| 28 |
mandate that we persue only one as a full blown subproject. The question is
|
| 29 |
which one. i was somewhat excited about systrace due to it's usability before i found
|
| 30 |
out that it is not possible to apply system wide acl's with it. grsecurity can do this
|
| 31 |
but isn't nearly as easy. are there others? does anyone have experience with
|
| 32 |
any particular implementation, and have opinions on how easy to use, effective
|
| 33 |
and stable please share that information.
|
| 34 |
|
| 35 |
note: please, please, for the sake of all the people on this list don't reply
|
| 36 |
if you don't have experience with acl implementations or just want to
|
| 37 |
hear yourself talk, it doesn't help anything. Thanks everyone
|
| 38 |
|
| 39 |
Cheers
|
| 40 |
|
| 41 |
Joshua Brindle |
Archives