Re: Which module is "best"?

From: Chris Wright (chrisat_private)
Date: Mon Mar 10 2003 - 14:19:33 PST

  • Next message: Pete Loscocco: "Re: Which module is "best"?"

    * Russell Coker (russellat_private) wrote:
    > On Mon, 10 Mar 2003 22:54, Chris Wright wrote:
    > > I wouldn't classify SELinux[1] as just a research project.  There is a
    > > debian project that helps provide some basic policy definitions to help
    > > secure a production type system[2].
    > The aim of my Debian work is not to produce policy.  I just ended up writing 
    > lots of policy because it needed to be done and no-one else was doing it.
    Thanks for the correction.  I mainly wanted to point out that there is a
    bunch of pre-packaged policy, which helps someone get started.  And also
    that this work is done outside the base SELinux project, dispelling the
    notion that it's simply a research project.
    > What is the ETA on getting LSM module stacking to fully work?  Last time I 
    > checked most OpenWall functionality did not operate when stacked with SE 
    > Linux.
    Well, I thought it worked, however limited in scope.  The SELinux module
    supports the stacking interface (although it allows only one
    subdordinate module).  I believe the SELinux only has trouble with the
    CONFIG_OWLSM_FD option (making sure fds 0, 1, and 2 are open).
    Linux Security Modules
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Mon Mar 10 2003 - 14:20:05 PST