[prev in list] [next in list] [prev in thread] [next in thread] 

List:       selinux
Subject:    selinux rsbac and grsecurity internels
From:       "shahbaz khan" <shazalive () gmail ! com>
Date:       2007-08-01 0:12:18
Message-ID: 7b740b700707311712n3c695740gb540b88412596a5a () mail ! gmail ! com
[Download RAW message or body]

I would like to ask a few questions from the experts regarding some
implementations. I am working on a survey on selinux rsbac and
grsecurity. Got some from mailing lists but need more. References will
be appreciated.. They are the following:

1. What is a security aware application. What functionality it can
provide? Has this functionality been provide in the other competitors.

2. Where are sids implemented. I have heard that they are history now.
How are they opaque to object managers?

3. What difference has PMS brought to selinux. Do we have such in
other implementations?

4. How is PMS implemented? Any technical documents? Is it a secure
application using the extended api?

5. How and where is AVC implemented?

6.Is there any good logging facility apart from regular denial? I have
heard rsbac and grsecurity has better logging facilities.

7. SELinux uses syscall interception. Is it through LSM? How does
rsbac and grsecurity manage this?

8. Of the topic but how does grsecurity implement acls and rbac. Is
rbac used through the acls or a seperate module?

9. How can we best judge the network controls of rsbac and grsecurity
w.r.t. implementation, usability and functionality?

I will be glad to put the names of responders in my survey document's
acknowledgements.

Thank you.
Shaz.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
[prev in list] [next in list] [prev in thread] [next in thread]