On 31/12/11 12:24, Laurentiu Pancescu wrote: > > I think now only grsecurity is available in Debian, providing similar > functionality (it does much more than exec-shield, but it's also more > intrusive - not sure if it's even possible to use SELinux at the same > time). I don't mean this in a bad way, grsecurity seems to boost kernel > security quite a bit Meanwhile you don't enable the RBAC part of the grsecurity patch you can use SELinux with the grsecurity patch. grsecurity-RBAC is the grsecurity's alternative to SELinux, which I find far easier and user-friendly to use than SELinux. Here is a nice to read paper [1] comparing both grsecurity-RBAC and SELinux. There has been some people pushing for adding a grsecurity featureset (flavor) to the official Debian kernel. [2] Perhaps some of you would like to show your support or help pushing for it in order to make it happen, I definitively would love to see a linux-image-grsecurity in Debian :) Regards! --------- [1] http://www.cs.virginia.edu/~jcg8f/SELinux%20grsecurity%20paper.pdf [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605090
Attachment:
signature.asc
Description: This is a digitally signed message part