Re: [Tails-dev] Mandatory Access Control, SELinux and Tails

Borrar esta mensaxe

Responder a esta mensaxe
Autor: Andreas Kuckartz
Data:  
Para: The Tails public development discussion list
Asunto: Re: [Tails-dev] Mandatory Access Control, SELinux and Tails
Ague Mill:
> intrigeri is working on AppArmor. He has done quite some work
> already to have the basic stuff done for Debian Wheezy. This is
> upstream work, so it is documented on the Debian wiki:
> <https://wiki.debian.org/AppArmor>


I was aware that AppArmor work is going on in Debian and this is good.
And I agree that most of such work should be done as far upstream as
possible.

I will not debate against AppArmor or try to promote SELinux against
it here. Those working on such software know about the advantages and
disadvantages of the different approaches.

Here is some current information about SELinux in Debian:
http://etbe.coker.com.au/tag/selinux/

> Well, Tails does not have that many contributors. Would you do the
> initial work and maintain it afterward?


I can not commit to that, but I will see what I can do regarding
initial work. I already had a bit of practice with the Tails build
process. Ideally maintenance will mostly be done upstream - including
policy maintenance.

> Is it compatible with SquashFS?


SELinux requires xattr-support. According to this page SquashFS
supports xattr since Linux 2.6.35, so that should work with a current
kernel version (but I have not yet tried):
http://kernelnewbies.org/Linux_2_6_35#head-7b60ef60876830625c37e8f1c24e460eebc418cc

Cheers,
Andreas