[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SELinux



In article <1127338602.17467.33.camel@haggis.homelan> you wrote:
> For systems on insecure or restricted/classified networks, it's
> wonderful.  For 98% of us, it's too much complexity for not enough
> benefit over:
>        carefully chosen apps
>        turned-off unused daemons
>        a good h/w firewall
>        strong iptables rules.

Biba Low-Watermark is here pretty interesting, since it requires a bit less
setup. Linux supports that with Lomac. 

Looks like IBM is researching on some SELinux based hybrid models which they
call SLIM (with TPM hardware support):
http://www.acsac.org/2004/workshop/David-Safford.pdf

However looks like lomac is kind of postponed, since nobody is funding LSM
work. However it is part of FreeBSD current.
http://opensource.sparta.com/lomac/

Gruss
Bernd



Reply to: