[Discuss] grsecurity

[Richard Pieri]

On 5/1/2012 2:46 PM, Tom Metro wrote:
> How is RBAC different from SELinux or AppArmor? (And why didn't they
> incorporate one of those?)

I don't know but I can guess.  It's chroot jails.  Locking down chroots 
is a standard feature of Grsecurity.  Neither SELinux nor AppArmor are 
aware of chroot contexts.  You can nest SELinux and chroot jails but you 
need to be diligent in auditing your security labels lest a misplaced 
label leave a gaping hole in your jail.

-- 
Rich P.