[Discuss] grsecurity
Tom Metro
tmetro-blu at vl.com
Tue May 1 21:53:06 EDT 2012
Richard Pieri wrote:
> Because SELinux requires a great deal of sysadmin time and effort and
> expertise to craft the jails and security policies.
>
> gsecurity does all this right out of the box.
I got what you meant, but that's a UI or config layer problem. What I'm
saying is that gsecurity could have used the SELinux (or AppArmor, or
whatever) Linux Security Module[1] to implement their rules, and wrap it
with their own UI or config system to make it turn key and less error prone.
Hopefully someone will point out that there was a technical
justification for not reusing an existing LSM.
1. http://en.wikipedia.org/wiki/Linux_Security_Modules
-Tom
--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
More information about the Discuss
mailing list