Hi, (Please Cc: any subsequent reply to the public [email protected] ML.)
> The kernel: grsec kernel + pax should be a major priority. We agree it would be great if Tails shipped with tools that make it harder to practically exploit security issues. Both mandatory access control systems (AppArmor, RBAC) and general kernel hardening patches are such tools, and we are considering both. Debian has started shipping AppArmor-enabled kernels recently, while the grsec effort is far from having reached this goal; therefore, our time being pretty limited, it seems likely we'll consider shipping AppArmor MAC policies instead of RBAC policies or a kernel patched with PaX. This decision is far from being final yet; as you can see on our roadmap, there are a few things we find more urgent to address first: https://tails.boum.org/contribute/roadmap/ FYI our quick review of MAC systems from Tails PoV is there: https://tails.boum.org/todo/Mandatory_Access_Control/ --
pgpcpIgfTICIg.pgp
Description: PGP signature
_______________________________________________ tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev
