Re: Which module is "best"?

From: Russell Coker (russellat_private)
Date: Mon Mar 10 2003 - 14:05:20 PST

  • Next message: Chris Wright: "Re: Which module is "best"?"

    On Mon, 10 Mar 2003 22:54, Chris Wright wrote:
    > I wouldn't classify SELinux[1] as just a research project.  There is a
    > debian project that helps provide some basic policy definitions to help
    > secure a production type system[2].
    The aim of my Debian work is not to produce policy.  I just ended up writing 
    lots of policy because it needed to be done and no-one else was doing it.
    The aim is to have a set of Debian packages for all SE Linux functionality, so 
    that you can get full SE functionality by just installing Debian packages 
    with a minimum of effort.  Also I've spent a lot of time working on upgrades 
    of live systems.  Upgrading a SE Debian system is a lot easier than upgrading 
    most OSs that don't have any special security (I have some SE machines that I 
    upgrade every day).
    > lot of sample setups[4].  Openwall and Capabilities provide limited
    > protection, and require the least user/admin configuration (read: none).
    > They provide a nice complement to a fuller-featured MAC system.
    What is the ETA on getting LSM module stacking to fully work?  Last time I 
    checked most OpenWall functionality did not operate when stacked with SE 
    --   My NSA Security Enhanced Linux packages  Bonnie++ hard drive benchmark    Postal SMTP/POP benchmark  My home page
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Mon Mar 10 2003 - 14:05:58 PST