I just finished 'Absolute OpenBSD 2nd edtion' and drank too much OpenBSD kool-aid.
I have some linux experience. (which helped a lot flattening learning curve for OpenBSD) I am doing research if there is any missing functionality preventing me changing server OS from Linux to OpenBSD. I found softdep which can be a good substitute for journaling filesystem. But, I got to know that MAC(Mandatory Access Control) is not there, based on 'new functionality == new bug' philosophy of OpenBSD. I also have bad memory with SELinux, and I fully understand and agree to no-no to the old & complex MAC. But, some experience with recent MAC like Tomoyo Linux and SMACK, I got to know that MAC don't have to be that complex, Any newbie (including me) can set up whole system security policy by himself(or herself) easily and safely. And, such a easy and accessible MAC can help minimizing the damage after breach as a last resort. I read newbie question and answer about MAC(mandatory access control) at http://marc.info/?l=openbsd-misc&m=118351513004163&w=2 ------------------------------------------------------------ >I would like to know >from you why OpenBSD does not implement this type of mechanism. STFA! or JFGI! About the third or fourth hit will tell you. Doing your own research before asking here is strongly recommended. ------------------------------------------------------------ So, I googled. site:marc.info openbsd mandatory access control site:gmane.org openbsd mandatory access control site:marc.info openbsd tomoyo site:gmane.org openbsd tomoyo without any particulary helpful search result. Maybe, MAC is out of interest in OpenBSD world for too long time? Is there any opinion, policy or conclusion about newer & easier MAC implementation like Tomoyo or SMACK? I know newbie question like this is not recommended. But, I did my homework before this question. If you are fed up with newbie questions like this, any short hint or web link will be very appreciated. UnHa Kim [IMAGE]
