Re: Security-enhanced Linux by the NSA for Debian

To: debian-devel@lists.debian.org
Subject: Re: Security-enhanced Linux by the NSA for Debian
From: Robert van der Meulen <rvdm@cistron.nl>
Date: Mon, 26 Mar 2001 15:01:00 +0200
Message-id: <[🔎] 20010326150100.E29240@lin-gen.com>
In-reply-to: <[🔎] 20010326144058.E7008@cistron.nl>; from wichert@valinux.com on Mon, Mar 26, 2001 at 02:40:58PM +0200
References: <[🔎] 20010326105903.A2840@swamp> <[🔎] 20010326143113.B29240@lin-gen.com> <[🔎] 20010326144058.E7008@cistron.nl>

Hi,
Quoting Wichert Akkerman (wichert@valinux.com):
> Previously Robert van der Meulen wrote:
> > You might want to take a look at the ACL/extended attribute patches, they go
> > towards what selinux does, and don't need that much changes to several
> > utility packages. (and they're not made by the NSA!)
> They really do something quite different actually.
Not _quite_ different - selinux goes a bit further in defining access
policies, and seems to do more than just restrict access on a filesystem
level.
You can go quite a long way combining the ACL/extattr patches with
openwall/lids/capabilities, without touching any NSA stuff, though.
I must admit i haven't tried selinux (yet?), so i could ofcourse be entirely
wrong - but this is what i understand from the stuff on their web pages.

Greets,
	Robert
-- 
			      Linux Generation
			Sodomy is a pain in the ass.

Reply to:

References:
- Security-enhanced Linux by the NSA for Debian
  - From: Wouter de Vries <sax@debian.org>
- Re: Security-enhanced Linux by the NSA for Debian
  - From: Robert van der Meulen <rvdm@cistron.nl>
- Re: Security-enhanced Linux by the NSA for Debian
  - From: Wichert Akkerman <wichert@valinux.com>

Prev by Date: Re: Officially drop Linux 2.0 support? (was Some /usr/doc NMUs coming up)
Next by Date: Re: Officially drop Linux 2.0 support? (was Some /usr/doc NMUs coming up)
Previous by thread: Re: Security-enhanced Linux by the NSA for Debian
Next by thread: Re: Security-enhanced Linux by the NSA for Debian
Index(es):
- Date
- Thread