control: tag -1 wishlist On jeu., 2016-01-21 at 12:20 -0800, Kevin Gallagher wrote: > Been playing with the grsec kernel that recently landed in sid (linux- > image-4.3.0-1-grsec-amd64).
Cool, thanks for testing. > One issue I discovered is that the RBAC is > disabled in the kernel configuration. Indeed. > > This also means that the gradm utility (a package recommended by > linux-grsec-base, also in the repos as 'gradm2') Good point, the recommends should be dropped for now. > > The grsecurity RBAC (role-based access control) > <https://en.wikibooks.org/wiki/Grsecurity/The_RBAC_System> is pretty > powerful and has some aspects that make it a superior solution to > AppArmor, SELINUX, etc. in this writer's humble opinion. > > I think there is no harm at all in leaving it enabled so that users can > take advantage of it if they wish. > > This can be solved by removing the following line (6916) from the kernel > configuration, and rebuilding: You will need to justify a bit more the two points above before I reconsider this. -- Yves-Alexis
signature.asc
Description: This is a digitally signed message part
