MAC policies and shared hosting

mal content at
Thu May 11 19:09:12 UTC 2006

On 5/10/06, Borja Marcos <BORJAMAR at> wrote:
> There is great stuff in the MAC framework, indeed, and the
> possibilities are endless. Best of that, security decisions go back
> to the place they should have never abandoned: the operating system :)
> I've just ordered the new O'Reilly book about FreeBSD and OpenBSD
> security, but it seems that it doesn't mention the MAC framework at
> all :(

Unfortunately the MAC framework just doesn't seem to get
as much attention as I'd like. I think the problem was
that the TrustedBSD project seemed very 'closed' in that the
site was quite rarely updated and it was difficult to get news
on developments. It seemed, for a long time, that nobody was
interested in it.

It'd be nice to see a ton of tutorials, papers and documentation
for it. I personally would write quite a bit on it if I could get started
but unfortunately my 'expertise' begins and ends at the web server
example in the handbook.

I think also the MAC framework is perceived as being too difficult
to use and too detached from FreeBSD itself. Hopefully the latter
will improve when BSM is integrated with the system and the
former is entirely subjective anyway.

There's quite a large gap in ports for some software that puts
a friendly face on some of the MAC policies such as biba, MLS,

Hmm. Brain spilled out onto the keyboard a bit then. I'll put it
back in its cage for now.

