tech-security: Re: SE Linux vs SE NetBSD !!

Subject: Re: SE Linux vs SE NetBSD !!
To: Alan Silva <alan.silva@gmail.com>
From: Todd C. Miller <millert@courtesan.com>
List: tech-security
Date: 08/23/2006 20:14:27

In message <853d365c0608231530h6190c409l847e66e25b11c230@mail.gmail.com>
	so spake "Alan Silva" (alan.silva):

> Why dont have SE extensions ported to NetBSD??? Any idea of porting
> for NetBSD??? IMHO its a great idea!!!

The underlying security server and type enforcement engine in SELinux
has already been ported to both FreeBSD and Darwin in the form of
SEBSD and SEDarwin respecively.  Some details may be found at
http://www.trustedbsd.org/sebsd.html, http://sedarwin.org and
http://www.trustedbsd.org/sedarwin.html.  In both cases the SE
components are layered on top of the TrustedBSD MAC Framework (in
SELinux they are built top of the Linux Security Modules).

Note that the kernel side of things is only one part of it.  You
still would need to write a security policy for NetBSD (or adapt
the existing Linux one) in the SELinux policy language which is no
small feat.

 - todd