Dnia poniedziałek, 30 listopada 2015 11:46:27 Steve Kinney pisze:
On 11/30/2015 04:24 AM, James Harrison wrote:
On 29/11/2015 17:28, c4p0 wrote:
someone can give me your opinion about it?
SELinux on Jessie is a nightmare since there's no maintainers for the refpolicy/MLS packages any more.
AppArmor is probably the way to go, though it's pretty limited in what it can do.
A feature comparison;
http://www.cyberciti.biz/tips/selinux-vs-apparmor-vs-grsecurity.html
Yet another option: Create your own 'Live DVD' from a shiny new security-enhanced OS instance, use encrypted R/W media for data file persistence. Anything that does climb out of its sandbox won't persist beyond the current session.
:o)
Actually, I was thinking of using a doctored SD card for the /boot partition. Question is: is it possible to *physically* disable writes on an SD card? CDs/DVDs are so unwieldy... -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147