Re: running services in their own little world
On Mon, 26 Jul 2004 07:06, "Milan P. Stanic" <firstname.lastname@example.org> wrote:
> On Sun, Jul 25, 2004 at 11:02:54AM +1000, Russell Coker wrote:
> > On Sun, 25 Jul 2004 02:43, hanasaki <email@example.com> wrote:
> > > The idea is to run bind, http and other servers in a jail. I am just
> > > getting started and know little about it, for now. I was hoping that
> > > there were Debian packages that already provided the jail(s) to run
> > > these services in.
> > SE Linux offers a good solution to your problem. However SE Linux
> > support in Debian is lacking because I'm the only DD working on it. At
> > the moment SE Linux support in Fedora is significantly better.
> LIDS is more simpler.
> SE Linux is overkill for simple servers for now, IMO.
LIDS used to be in the LSM kernel patch, but got removed before LSM was merged
into 2.6.x because it wasn't being maintained.
Is LIDS being maintained again? If so when will the patch be submitted to
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page