[Discuss] grsecurity

[Tom Metro]

Richard Pieri wrote:
> Tom Metro wrote:
>> How is RBAC different from SELinux or AppArmor? (And why didn't they
>> incorporate one of those?)
> 
> I don't know but I can guess.  It's chroot jails.  Locking down chroots
> is a standard feature of Grsecurity.  Neither SELinux nor AppArmor are
> aware of chroot contexts.

Hmmm...the Wikipedia article gave the impression that the chroot jail
was separate from RBAC or at least layered above it. It isn't clear why
they couldn't have taken SELinux and done the same thing. Or at most, a
patched SELinux.

The rule in security is that you take great pains not to reinvent the
wheel unless you absolutely have to.

 -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/