MAC policies and shared hosting
Borja Marcos
BORJAMAR at sarenet.es
Fri May 12 00:23:55 UTC 2006
> Unfortunately the MAC framework just doesn't seem to get
> as much attention as I'd like. I think the problem was
> that the TrustedBSD project seemed very 'closed' in that the
> site was quite rarely updated and it was difficult to get news
> on developments. It seemed, for a long time, that nobody was
> interested in it.
Well, I am loving it, really.
> It'd be nice to see a ton of tutorials, papers and documentation
> for it. I personally would write quite a bit on it if I could get
> started but unfortunately my 'expertise' begins and ends at the web
> server example in the handbook.
>
> I think also the MAC framework is perceived as being too difficult
> to use and too detached from FreeBSD itself. Hopefully the latter
> will improve when BSM is integrated with the system and the
> former is entirely subjective anyway.
Well, as you increase security there is a tradeoff. But I'm trying to
come up with a reasonable balance between security and convenience.
Deploying it has important consequences on operations like, for
example, a make world. You must be aware of it.
I'm trying to do it in the Apple way: make it simple enough to be
usable, but make it strong enough :)
Borja.