>>> On Thu, Mar 29, 2007 at 9:54 AM, in message <[EMAIL PROTECTED]>, David Boyes <[EMAIL PROTECTED]> wrote: >> I'm considering implementing SELinux for truly paranoid protection. > I'm >> a RACF security admin as well as a z/OS sysprog. Yes, I __own__ the > z/OS >> system. > > While you're at it, write some tools for managing SELinux policies. Much > like RACF, the problem is not implementing SELinux, but actually getting > it to behave in a usable manner. A set of useful management tools for > such a beast would make you a serious security god in the Unix world -- > I bet just porting all the stuff you wrote ages ago to manage RACF would > be a great start.
Based on a review of RHEL5 that I read, it includes some better tools for writing SELinux policies, as well as providing more pre-built templates to use. I haven't looked at that yet though. Maybe Brad can give us a synopsis. Mark Post ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
