On May 1, 2012, at 7:23 PM, Tom Metro wrote: > > Hmmm...the Wikipedia article gave the impression that the chroot jail > was separate from RBAC or at least layered above it. It isn't clear why > they couldn't have taken SELinux and done the same thing. Or at most, a > patched SELinux.
Because SELinux requires a great deal of sysadmin time and effort and expertise to craft the jails and security policies. It requires a lot of time and care to craft the security labels for the files in the jails. And it requires diligent auditing of those security labels to ensure that a mistake doesn't crack all of the jails wide open. gsecurity does all this right out of the box. --Rich P. _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
