Hello, Got some more layman's questions here after reading https://news.ycombinator.com/item?id=7287639 --
> > OpenBSD for security > > I dunno, I hear this a lot. Sure OpenBSD has created and implemented > some (often very bleeding edge) hardening features, but nothing that > hasn't seen the light of day in something like GRSecuriy. > > But the lack of other security layers and constructs seem puzzling > to me. No RBAC-based system like selinux? No attempt to secure the > supply chain until very recently with package signing? Chroot > functionality inferior to something like FreeBSD's jails? > > Not to mention that many services you would deploy an OpenBSD server > for are provided by ports and not the base system, forgoing the > strict auditing that OpenBSD provides. > > [... snip ...] > 1. Why doesn't OpenBSD have something like RBAC? 2. Is chroot really inferior to FreeBSD jails? Thanks. O.D.
