On 8/23/06, Todd C. Miller <millert@courtesan.com> wrote:
> > Why dont have SE extensions ported to NetBSD??? Any idea of porting
> > for NetBSD??? IMHO its a great idea!!!

OMGWTFBBQ!

> Note that the kernel side of things is only one part of it.  You
> still would need to write a security policy for NetBSD (or adapt
> the existing Linux one) in the SELinux policy language which is no
> small feat.

I'd like to see MAC ported to NetBSD, but in the meantime it appears
that Elad is diligently working on a more granular securelevel and
integration with kauth, which accomplishes much of the same thing;
IIUC basically securelevel is designed to prevent persistent changes
to the critical files that control initial boot, so that a reboot can
get you into a trusted state.

For more info, see the threads here:
http://archives.neohapsis.com/archives/netbsd/2006-q1/thread.html
-- 
"If you're not part of the solution, you're part of the precipitate."
Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484