[rsbac] SELinux vs. RSBAC

shahbaz khan shazalive at gmail.com
Thu Sep 6 00:42:44 CEST 2007


Yes your comments are very true. I have been surveying RSBAC, SELinux,
GrSecurity and AppArmor. The best design is RSBAC and GrSecurity is
most suitable for sys admins. SELinux is getting more attention due to
integeration in mainline kernel. AppArmor is not a true MAC solution
but easier, which means more suitable for beginers and home users.

If anybody seriously wants security then RSBAC is the best enhancement
to kernel. I personally think that it lacks a bit in network controls.

Personally I am working on Distributed MAC and I intend to contribute
in future but my study is based upon SELinux due to mass support. My
design is almost independant of the underlying MAC enhancement so
would be portable easily.

If I can get some help on the internals on how the packets are labeled
and understood on both sides of the network w.r.t. code then side by
side I can handle the portability issues. I think considering
poratibilty issues from this point will help so do let me know how
things are.


On 9/5/07, Fix <4d876b82 at gmail.com> wrote:
> > I was studying RSBAC, AppArmor, GrSec and
> > SELinux in the meanwhile when you were on holidays. I am not
> > exagerating but I have fallen in love with RSBAC! Its so neat.
> Agreed.
> "- If SELinux is the highest possible level of system protection, what is RSBAC then?
> - A system rushes to the attack!"
> > The
> > only short comming is that it is not part of the kernel like
> > SELinux
> Yes, that is sadly.
> I remember Linus' arguments about speed costs, but only one who want it will pay the price,
> is not it?
> // wbr
> Fix
> _______________________________________________
> rsbac mailing list
> rsbac at rsbac.org
> http://www.rsbac.org/mailman/listinfo/rsbac

More information about the rsbac mailing list