Adjust for ikiwiki → GitLab wiki, authored by intrigeri
[[!tag archived]]
Rationale
=========
Using some kind of [[!wikipedia Mandatory Access Control]], such as
Using some kind of [Mandatory Access Control](https://en.wikipedia.org/wiki/Mandatory%20Access%20Control), such as
GrSecurity, AppArmor or SELinux, would make exploitation of security
issues in bundled software harder.
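Review bot: The replacement Wikipedia link in the Rationale paragraph encodes the spaces in the page title as `%20` (`Mandatory%20Access%20Control`). Wikipedia page URLs use underscores, so `https://en.wikipedia.org/wiki/Mandatory_Access_Control` is the more readable target. Separately, the `[[!tag archived]]` line at the top of this hunk is still an ikiwiki directive. If it stays on the page, GitLab will not process it as a tag, so either drop it or replace it with a plain "archived" notice.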
......@@ -13,7 +13,7 @@ Possible solutions
AppArmor
--------
See [[contribute/design/application_isolation]].
See [application isolation](https://tails.boum.org/contribute/design/application_isolation).
grsecurity
----------
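Review bot: The new link under the AppArmor heading hard-codes the public site (`https://tails.boum.org/contribute/design/application_isolation`), while the tomoyo subpage link later in this patch is written as a relative wiki path. Pick one convention for links to pages that were part of the ikiwiki tree. If the design page is meant to stay on the website rather than move to the wiki, say so in the commit message so the absolute URL is clearly intentional.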
......@@ -39,7 +39,7 @@ Users:
it does not include grsecurity RBAC feature.
- Work to add a grsec kernel flavour to Debian seems to be stalled:
[[!debbug 605090]].
[Debian bug #605090](https://bugs.debian.org/605090).
- Ubuntu developers [used to actively work](https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening)
to upstream grsec features mainline, but this effort seems to have
stalled, or rather moved to another employer along with Kees Cook.
......@@ -65,8 +65,7 @@ Smack
-----
The Smack MAC LSM is part of the Linux kernel
([homepage](http://schaufler-ca.com/), [[!wikipedia
Simplified_Mandatory_Access_Control_Kernel]]). It does not seem to be
([homepage](http://schaufler-ca.com/), [Simplified Mandatory Access Control Kernel](https://en.wikipedia.org/wiki/Simplified%5FMandatory%5FAccess%5FControl%5FKernel)). It does not seem to be
used by any GNU/Linux distribution out there.
TOMOYO Linux
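Review bot: In the Smack paragraph the new Wikipedia URL percent-encodes every underscore (`Simplified%5FMandatory%5FAccess%5FControl%5FKernel`). Underscores are valid in a URL path and do not need escaping, so this looks like an artifact of the conversion. Writing `https://en.wikipedia.org/wiki/Simplified_Mandatory_Access_Control_Kernel` keeps the line shorter and easier to read in source. The line is also now much longer than its neighbours, so rewrapping after the link would keep the paragraph consistent with the rest of the page.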
......@@ -86,7 +85,7 @@ A "tomoyo learning daemon" is actually being developed by a third party :
[tomld](http://log69.com/tomld_en.html), might be worst having a look and test it.
For informations on the ongoing tests of this solution, see the
[[tomoyo|Mandatory_Access_Control/tomoyo]] subpage.
[tomoyo](Mandatory_Access_Control/tomoyo) subpage.
RSBAC
-----
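Review bot: The relative target `Mandatory_Access_Control/tomoyo` in the TOMOYO section depends on how the GitLab wiki resolves paths from this page's location, so check after import that it lands on the subpage and not on a missing page. As a nit, the surrounding unchanged text has two typos ("might be worst having a look", "For informations") that could be fixed in a follow-up since this paragraph is being touched.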
......@@ -110,3 +109,4 @@ Resources
- [yet another comparison](http://elinux.org/Mandatory_Access_Control_Comparison)
- [An exploit that was able to bypass SELinux and AppArmor protections](http://lwn.net/Articles/341773/) by the author
of grsecurity, which was safe.