On Wed, Aug 13, 2003 at 03:05:52PM +0100, Paul Nasrat wrote:On Wed, Aug 13, 2003 at 07:52:57AM -0600, Chris Ricker wrote:<re-routed to devel list>Speaking of which, is there any interest in incorporating RSBAC (preferably) or SELinux into RHLP, long-term?SELinux architecture has been merged in 2.6.0-test3, so I imagine that Cambridge++ will have that SELinux in it.Well, the technology exists in the kernel source tree, and we encouraged its inclusion in the mainline tree. But SELinux has other components, particularly userland code changes and policy. Policy management is a major job in and of itself. Also, there's a performance cost to enabling SELinux that needs to be considered. As I've mentioned before, upstream acceptance is a key point; this distinguishes SELinux. In addition, Red Hat is specifically working on SELinux, as mentioned in a webcast we did recently: https://www.redhat.com/apps/webform.html?event_type=webcast&eid=225 And the top search response on SELinux on our web site is this page: http://www.redhat.com/solutions/security/SELinux.html We haven't made a committment to include SELinux in Cambridge++, nor to not include it. :-) We're certainly actively working on SELinux, and if there are like-minded developers who want to, say, participate with us in doing policy work, speak up, and maybe it will make sense. I'm personally curious: how many people on this list have worked on SELinux policy and/or policy tools? michaelkjohnson "He that composes himself is wiser than he that composes a book." Linux Application Development -- Ben Franklin http://people.redhat.com/johnsonm/lad/ -- Rhl-devel-list mailing list Rhl-devel-list redhat com http://www.redhat.com/mailman/listinfo/rhl-devel-list