Can Solaris be SELinuxed ?
Stephen Smalley
sds at tycho.nsa.gov
Tue Mar 2 13:20:28 UTC 2010
On Tue, 2010-03-02 at 21:54 +0900, Shintaro Fujiwara wrote:
> Hi, my fellow worker is interested in Solaris.
> I'm persuading him to install Fedora, but he doesn't listen to me.
> Is Solaris 10 can be SELinuxized ?
Solaris 10 does not provide a direct equivalent to the flexible MAC
architecture and Type Enforcement model of SELinux. It does however
offer MLS ("Trusted Extensions", one label per zone) and RBAC (primarily
defined by trusted applications, with the kernel only aware of the
privilege mechanism) functionality.
There is a project to replicate the Flask architecture in OpenSolaris,
see:
http://hub.opensolaris.org/bin/view/Project+fmac/Presentations
However, it isn't clear what the future is for that project.
--
Stephen Smalley
National Security Agency
More information about the selinux
mailing list