Hi, I attended a product briefing at Computer Associates on Thursday, and one of the products that was discussed more than demonstrated was something called eTrust Access Control[1], which, from my interpretation, sounds like it achieves something similar to what SE Linux probably does. That's not really the point of this email though.
I asked one of the engineering types about their Linux support for this product during one of the breaks. It can enforce a policy on Windows, a few commercial Unix variants, and on "Linux". When I pressed the engineer on what Linux distros were supported, it was just RedHat Enterprise Linux. He did mention that they'd looked into supporting Debian, but slammed the lid back down on it after they had discovered (and I'm paraphrasing) "multiple kernels with the same version number". What I'm suspecting is he was referring to was all the various CPU optimised kernels, but I didn't press him for details at the time. My question to you guys is, if CA's distributing the Linux version of their product as a loadable module (which I presume is how they're distributing it), is the kernel ABI the same between the various CPU optimised kernels? My guess is it isn't. As someone who once deployed an entire gateway infrastructure on Debian, and then later had CA Unicenter foisted upon it, I have a bit of a personal interest in seeing the barriers for commercial software vendors to support Debian be as low as possible. It came down to if we wanted Unicenter, we couldn't run Debian, because CA didn't support running the Unicenter agents on Debian, and that made me sad at the time (not that I particularly wanted anything to do with Unicenter, but that was beyond my control). I can probably arrange for a dialog between the kernel team and CA if anything thinks that anything could be achieved by doing so. regards Andrew [1] http://www3.ca.com/Solutions/Product.asp?ID=154
signature.asc
Description: Digital signature
