On Mon, Nov 30, 2015 at 3:54 PM, rysiek <rysiek@hackerspace.pl> wrote:
On Monday, 30 November 2015 11:46:27 Steve Kinney wrote:
> On 11/30/2015 04:24 AM, James Harrison wrote:
> > On 29/11/2015 17:28, c4p0 wrote:
> >> can someone give me your opinion about it?
> >
> > SELinux on Jessie is a nightmare since there are no maintainers
> > for the refpolicy/MLS packages any more.
> >
> > AppArmor is probably the way to go, though it's pretty limited
> > in what it can do.
>
> A feature comparison:
>
> http://www.cyberciti.biz/tips/selinux-vs-apparmor-vs-grsecurity.html
>
> Yet another option:  Create your own 'Live DVD' from a shiny new
> security-enhanced OS instance, use encrypted R/W media for data
> file persistence.  Anything that does climb out of its sandbox
> won't persist beyond the current session.
>
> :o)

Actually, I was thinking of using a doctored SD card for the /boot partition.
Question is: is it possible to *physically* disable writes on an SD card?

CDs/DVDs are so unwieldy...

--
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147

Except anything that writes to your other hardware, firmware, BIOS etc...

R/O is a good idea, though. Just, don't consider it the 'silver bullet'.

--