
Re: SELinux on Squeeze?



On Sat, 2011-12-31 at 18:19 +0100, Carlos Alberto Lopez Perez wrote:
> On 31/12/11 12:24, Laurentiu Pancescu wrote:
> >
> > I think now only grsecurity is available in Debian, providing similar
> > functionality (it does much more than exec-shield, but it's also more
> > intrusive - not sure if it's even possible to use SELinux at the same
> > time). I don't mean this in a bad way, grsecurity seems to boost kernel
> > security quite a bit
>
> As long as you don't enable the RBAC part of the grsecurity patch you can
> use SELinux with the grsecurity patch.
>
> grsecurity-RBAC is grsecurity's alternative to SELinux, which I find
> far easier and more user-friendly to use than SELinux. Here is a nice-to-read
> paper [1] comparing both grsecurity-RBAC and SELinux.
>
> There have been some people pushing for adding a grsecurity featureset
> (flavor) to the official Debian kernel. [2] Perhaps some of you would
> like to show your support or help pushing for it in order to make it
> happen, I definitely would love to see a linux-image-grsecurity in
> Debian :)
>
> Regards!
>
> ---------
> [1] http://www.cs.virginia.edu/~jcg8f/SELinux%20grsecurity%20paper.pdf
> [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605090



I recently had contact with the guy behind cr0.org. He told me that he wasn't very active anymore, but he was planning to work on the 3.1.5 kernel soon.
You can check out the repositories at http://debian.cr0.org/
Perhaps he's interested in having his work integrated into Debian? I can contact him tomorrow via email. I don't know the guy personally.
But I'm willing to pick this one up. Grsec would be a very easy way to improve the kernel security in Debian. SELinux has a bigger learning curve I guess.
