| 1 |
>Justin wrote: |
| 2 |
>> Blurb: The one time I tried SELinux (which isn't ment to be the last time) I |
| 3 |
>> found it extremly difficult, complex and by no means comfortable. But I'm |
| 4 |
>> sure some of you got better results than I did. |
| 5 |
> |
| 6 |
>Hmm .. I've seen similar opinions posted in various places on the web .. easy to find using Google. |
| 7 |
|
| 8 |
True, selinux has a tough learning curve, similarly gentoo is not a linux distribution for newbies,
|
| 9 |
however, please recognise that we are putting forth a concerted effort to make this easy
|
| 10 |
to use for those who want to. We are providing policies for the base gentoo system, and
|
| 11 |
policies for hopefully a large part of the ebuilds in portage, we are writing stuff to deploy policies
|
| 12 |
when you install a particular app, we will have selinux GUI policy editors in portage, et al.
|
| 13 |
|
| 14 |
the opinions you've seen on the web are from people trying to do this basically from scratch
|
| 15 |
on a system which does not provide this functionality natively like we are. Additionally we'll
|
| 16 |
be putting together documentation for users to understand roles and using them effectively.
|
| 17 |
|
| 18 |
> |
| 19 |
>Anyway, the WOLK kernel (also in the Gentoo portage tree) has integrated grsecurity, systrace, and several other interesting packages. Are we duplicating effort? |
| 20 |
|
| 21 |
not at all. I understand that wolk contains many (if not all) of the patches that we will provide, however, since wolk is a giant collection of patches, and since many patches don't show up in later releases after being in prior ones i am not going to rely on them to provide all the patches that we need
|
| 22 |
|
| 23 |
However, for those users which prefer the enhancements available in WOLK it will certainly still be available. For example, whomever want to use selinux can choose between selinux-sources, hardened-sources and wolk-(server)-sources.
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
Joshua Brindle |
Archives