[rsbac] 2.4.12+ rsbac+freeswan+grsec

Peter Busser peter at trusteddebian.org
Wed Jun 18 17:56:27 MEST 2003


> Amon:
> Most problems from patching the kernel with both rsbac and grsec are due to
> both wanting to patch the same area.

That is because gr-security tries to provide functionality which RSBAC already
provides in a more generic and powerful way.

Basically, gr-security is: PaX + IP randomisation + ACL/RBAC(?) stuff.

You can get PaX as a separate patch and you can get the IP randomisation as a
separate patch. Adding PaX + IP randomisation + RSBAC results in zero or almost
zero conflicts. This is what I do in the Adamantix kernel and it works great.

> Of course it is also possible to insert this 'interior' state in the
> kernel (kernel security initiatives or something), but if it does not
> work, then this interior stuff could help joining multiple patches.

A nice idea, although I am not sure that it works.

Peter Busser
