![]() |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On May 1, 2012, at 7:23 PM, Tom Metro wrote: > > Hmmm...the Wikipedia article gave the impression that the chroot jail > was separate from RBAC or at least layered above it. It isn't clear why > they couldn't have taken SELinux and done the same thing. Or at most, a > patched SELinux. Because SELinux requires a great deal of sysadmin time and effort and expertise to craft the jails and security policies. It requires a lot of time and care to craft the security labels for the files in the jails. And it requires diligent auditing of those security labels to ensure that a mistake doesn't crack all of the jails wide open. gsecurity does all this right out of the box. --Rich P.
![]() |
|
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |