Mandatory Access Control ?

Travis Biehn tbiehn at gmail.com
Mon Nov 30 13:08:43 PST 2015


On Mon, Nov 30, 2015 at 3:54 PM, rysiek <rysiek at hackerspace.pl> wrote:

> On Monday, 30 November 2015 11:46:27 Steve Kinney wrote:
> > On 11/30/2015 04:24 AM, James Harrison wrote:
> > > On 29/11/2015 17:28, c4p0 wrote:
> > >> Can someone give me their opinion about it?
> > >
> > > SELinux on Jessie is a nightmare since there's no maintainers
> > > for the refpolicy/MLS packages any more.
> > >
> > > AppArmor is probably the way to go, though it's pretty limited
> > > in what it can do.
> >
> > A feature comparison:
> >
> > http://www.cyberciti.biz/tips/selinux-vs-apparmor-vs-grsecurity.html
> >
> > Yet another option:  Create your own 'Live DVD' from a shiny new
> > security-enhanced OS instance, use encrypted R/W media for data
> > file persistence.  Anything that does climb out of its sandbox
> > won't persist beyond the current session.
> >
> > :o)
>
> Actually, I was thinking of using a doctored SD card for the /boot
> partition.
> Question is: is it possible to *physically* disable writes on an SD card?
>
> CDs/DVDs are so unwieldy...
>
> --
> Regards,
> Michał "rysiek" Woźniak
>
> I am changing my GPG key :: http://rys.io/pl/147
> GPG Key Transition :: http://rys.io/en/147


Except anything that writes to your other hardware, firmwares, BIOS etc...

R/O is a good idea, though. Just, don't consider it the 'silver bullet'.

-- 
Twitter <https://twitter.com/tbiehn> | LinkedIn
<http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn>
| TravisBiehn.com <http://www.travisbiehn.com> | Google Plus
<https://plus.google.com/+TravisBiehn>