On 09/04/2013 01:29 AM, Sven Vermeulen wrote:
out of the blue

No!  No more will be implemented "out of the blue" until he is well rested!

I would try SMACK because it uses xattrs to store labels, like selinux and the new pax flags. It might be something we could roll in with what we do now. I would prefer the pax flags model (labelling from within an ebuild on an ad hoc basis) rather than selinux's model which is to have a new category in portage for the policies. I'm not familiar with SMACK so this may not be easy/possible. Also, I think rsbac, selinux and SMACK are all going to be mutually exclusive.

Finally, kensington has apparmor, but I don't know the state of its implementation.

If we continue with mutually exclusive security models (or more like partially mutually exclusive) we'll need documentation on what the pros and cons are of each. Someone could start there with the wiki.


--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
