Subject: Re: SE Linux vs SE NetBSD !!
To: Elad Efrat <>
From: Steven M. Bellovin <>
List: tech-kern
Date: 08/25/2006 17:57:15
On Sat, 26 Aug 2006 00:18:57 +0200, Elad Efrat <> wrote:
> That is perhaps the most important bit of this discussion: is it *worth*
> integrating a SELinux-like framework in NetBSD?


The hard part is figuring out what the right policies (or classes of
policies) are, in the abstract.  NSA likes MLS, but that's partly a
historical hangover from 20 years ago.  (Even if you do like MLS, there's
still the assurance problem -- SELinux hasn't really addressed it.)

I'd refer you to my latest Inside RISKS column (on why VMs won't save us),
but it's not out yet.

		--Steven M. Bellovin,