Hi, picking up the thread on "NSA SELinux" again: At 14:27 31.05.02 +0200, Mark Müller wrote:
Matthias Jänichen wrote:
If you need something to use today you should look at www.rsbac.org. RSBAC (Rule Set Based Access Controll) is _working_ on Suse, running for over two years on productive systems. We've looked at LIDS, RSBAC and SELinux and decided to give SELinux a chance. RSBAC is easier to install, but it lacks LSM support and we don't know where RSBAC is going after Amon has finished its master thesis.
For his PhD(!) thesis the conceptual work on RSBAC is much more important.
Nevertheless the requested support for LSM has been discussed. Until LSM
development settles down he decided to concentrate on the existing
implementation based on kernel patches. This is necessary to provide
support for the various existing installations.
At the moment LSM does not provide enough so that many features would
either need to be dropped or would need patches again.
After announcement of Version 1.2.0 on the e-open event in Prague Amon has
directly started with Version 1.2.1. He has prepared RSBAC 1.2.1pre1 for
download at www.RSBAC.org . Due to great interest he implemented
architecture support for Linux S/390 and is now looking for pilot
installations and/or hardware. Anyone who could help here should get in
contact with him directly (Amon Ott