Easier than SELinux
Posted Sep 30, 2005 7:51 UTC (Fri) by skarkkai
Parent article: Rule set based access control
I have used RSBAC in past, and I find it vastly easier to use than SELinux. SELinux has the major advantage of being in the standard kernel and especially, for Redhat/Fedora users, being configured to work out of box with those distributions. However if you need serious security and will be changing the configuration of your systems any significant amount, you will also need to be making changes to the security system configuration, be it SELinux or RSBAC. In such a situation, the easier configurability of RSBAC could be very important.
When it comes to features and achieveable level of security, I'd be inclined to say RSBAC has the upper hand, but I don't remember the details well enough to say anything much concrete about this.
I think it's unfortunate that the LSM framework is the one security framework accepted into the standard kernel. I find Amon Ott's arguments about why RSBAC can't work with LSM concinving, and it's sad that RSBAC, a very high quality, well maintained secury system, is effectively kept out of the standard kernel forever for this reason.
to post comments)