On Tue, 25 Sep 2007 00:08:15 +1000, David Gwynne <[EMAIL PROTECTED]> wrote:
> What I'm trying to say is that all the services I listed before make
> their own little SELinux layer with appropriate policy built into
> them. Better than SELinux though is that the monitor is enabled by
> default and generally can't be turned off. Even more interesting is
> that this policy enforcement is portable to other unix like operating
> systems, it's not restricted to the OpenBSD kernel.

What makes this so effective is that it's built-in by the people who
understand it best, the developers. Not some Jr. Sysadmin tasked with
standing up a new Linux server and trying to write his own SELinux
policy from scratch.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net