On Mon, Nov 30, 2015 at 3:54 PM, rysiek <[1]rysiek@hackerspace.pl> wrote:

> On Monday, 30 November 2015 11:46:27 Steve Kinney wrote:
> > On 11/30/2015 04:24 AM, James Harrison wrote:
> > > On 29/11/2015 17:28, c4p0 wrote:
> > >> someone can give me your opinion about it?
> > >
> > > SELinux on Jessie is a nightmare since there's no maintainers
> > > for the refpolicy/MLS packages any more.
> > >
> > > AppArmor is probably the way to go, though it's pretty limited
> > > in what it can do.
> >
> > A feature comparison;
> >
> > [2]http://www.cyberciti.biz/tips/selinux-vs-apparmor-vs-grsecurity.html
> >
> > Yet another option: Create your own 'Live DVD' from a shiny new
> > security-enhanced OS instance, use encrypted R/W media for data
> > file persistence. Anything that does climb out of its sandbox
> > won't persist beyond the current session.
> >
> > :o)
>
> Actually, I was thinking of using a doctored SD card for the /boot
> partition. Question is: is it possible to *physically* disable writes
> on an SD card? CDs/DVDs are so unwieldy...
>
> --
> Regards,
> Michał "rysiek" Woźniak
>
> I am changing my GPG key :: [3]http://rys.io/pl/147
> GPG Key Transition :: [4]http://rys.io/en/147

Except anything that writes to your other hardware, firmwares, BIOS
etc... R/O is a good idea, though. Just, don't consider it the 'silver
bullet'.

--
[5]Twitter | [6]LinkedIn | [7]GitHub | [8]TravisBiehn.com | [9]Google Plus

References

1. mailto:rysiek@hackerspace.pl
2. http://www.cyberciti.biz/tips/selinux-vs-apparmor-vs-grsecurity.html
3. http://rys.io/pl/147
4. http://rys.io/en/147
5. https://twitter.com/tbiehn
6. http://www.linkedin.com/in/travisbiehn
7. http://github.com/tbiehn
8. http://www.travisbiehn.com/
9. https://plus.google.com/+TravisBiehn