[rsbac] 2.4.12+ rsbac+freeswan+grsec
Peter Busser
peter at trusteddebian.org
Wed Jun 18 17:56:27 MEST 2003
Hi!
> Amon:
> Most problems from patching the kernel both rsbac and grsec is due to that
> both want to patch the same area.
That is because gr-security tries to provide functionality which RSBAC already
provides in a more generic and powerful way.
Basically, gr-security is: PaX + IP randomisation + ACL/RBAC(?) stuff.
You can get PaX as a seperate patch and you can get the IP randomisation as a
seperate patch. Adding PaX + IP randomisation + RSBAC results in zero or almost
zero conflicts. This is what I do in the Adamantix kernel and it works great.
> Of course it is also possible to insert this 'interior' state in the
> kernel (kernel security initiatives or something), but if it does not
> work, then this interior stuff could help joining multiple patches.
A nice idea, although I am not sure that it works.
Groetjes,
Peter Busser
More information about the rsbac
mailing list