>Justin wrote:
>> Blurb: The one time I tried SELinux (which isn't meant to be the last time) I
>> found it extremely difficult, complex and by no means comfortable. But I'm
>> sure some of you got better results than I did.
>
>Hmm .. I've seen similar opinions posted in various places on the web .. easy to find using Google.
|
True, SELinux has a tough learning curve; similarly, Gentoo is not a Linux distribution for newbies.
However, please recognise that we are putting forth a concerted effort to make this easy
to use for those who want to. We are providing policies for the base Gentoo system, and
policies for hopefully a large part of the ebuilds in portage, we are writing stuff to deploy policies
when you install a particular app, we will have SELinux GUI policy editors in portage, et al.
|
The opinions you've seen on the web are from people trying to do this basically from scratch
on a system which does not provide this functionality natively like we are. Additionally we'll
be putting together documentation for users to understand roles and using them effectively.
|
>
>Anyway, the WOLK kernel (also in the Gentoo portage tree) has integrated grsecurity, systrace, and several other interesting packages. Are we duplicating effort?
|
Not at all. I understand that WOLK contains many (if not all) of the patches that we will provide; however, since WOLK is a giant collection of patches, and since many patches don't show up in later releases after being in prior ones, I am not going to rely on them to provide all the patches that we need.
|
However, for those users who prefer the enhancements available in WOLK it will certainly still be available. For example, whoever wants to use SELinux can choose between selinux-sources, hardened-sources and wolk-(server)-sources.

Joshua Brindle