Subject: Re: SE Linux vs SE NetBSD !!
To: Todd C. Miller <firstname.lastname@example.org>
From: Travis H. <email@example.com>
Date: 08/24/2006 20:03:52
On 8/23/06, Todd C. Miller <firstname.lastname@example.org> wrote:
> > Why dont have SE extensions ported to NetBSD??? Any idea of porting
> > for NetBSD??? IMHO its a great idea!!!
> Note that the kernel side of things is only one part of it. You
> still would need to write a security policy for NetBSD (or adapt
> the existing Linux one) in the SELinux policy language which is no
> small feat.
I'd like to see MAC ported to NetBSD, but in the meantime it appears
that Elad is diligently working on a more granular securelevel and
integration with kauth, which accomplishes much of the same thing;
IIUC basically securelevel is designed to prevent persistent changes
to the critical files that control initial boot, so that a reboot can
get you into a trusted state.
For more info, see the threads here:
"If you're not part of the solution, you're part of the precipitate."
Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484