[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [developers-l] Re: [debian-devel] Re: security enhanced debian branch?

On Sat, 20 Dec 2003 07:52, "Milan P. Stanic" <mps@rns-nis.co.yu> wrote:
> On Fri, Dec 19, 2003 at 01:03:17PM +0100, Peter Busser wrote:
> > Why is LSM good enough for SELinux and not for RSBAC? Because SELinux was
> > changed to fit LSM. One example, network access control was removed from
> > SELinux because there are no network access control hooks provided by
> > LSM.
> I thought (reading SELinux news) at [1] that the network acl are there:
> ---------------------------------------------------------------------
> Reimplemented network interface and node controls (2.6 only).

There are controls over what local processes may do with networking.  But the 
previous code for labeled networking has not been re-instated.  Some new 
functionality that was not in SE Linux before has been added, but some of the 
previous functionality is still missing.

Work continues in this area.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: