Re: Security-enhanced Linux by the NSA for Debian
Hi,
Quoting Wichert Akkerman (wichert@valinux.com):
> Previously Robert van der Meulen wrote:
> > You might want to take a look at the ACL/extended attribute patches, they go
> > towards what selinux does, and don't need that much changes to several
> > utility packages. (and they're not made by the NSA!)
> They really do something quite different actually.
Not _quite_ different - selinux goes a bit further in defining access
policies, and seems to do more than just restrict access on a filesystem
level.
You can go quite a long way combining the ACL/extattr patches with
openwall/lids/capabilities, without touching any NSA stuff, though.
I must admit i haven't tried selinux (yet?), so i could ofcourse be entirely
wrong - but this is what i understand from the stuff on their web pages.
Greets,
Robert
--
Linux Generation
Sodomy is a pain in the ass.
Reply to: