View Single Post
  #1   (View Single Post)  
Old 21st November 2017
hanzer's Avatar
hanzer hanzer is offline
Real Name: Adam Jensen
just passing through
 
Join Date: Oct 2013
Location: EST USA
Posts: 314
Default MAC vs Jails: Compartmentalization Issues, Factors, and Considerations

Has anyone here built a FreeBSD system with a comprehensive MAC policy?

Assuming a MAC policy was properly designed to compartmentalize many services, how would performance and load compare to a similar system with those same services each compartmentalized via the jail method?

This might be ignorant and far-out beyond the point of being goofy but: Has anyone ever seen a system (is this even possible) with a MAC policy that extends into the graphical user interface in such a way that several desktops could each have a different security context?

Any experience, research, speculation, comments, discussion, etc. could be interesting.
Reply With Quote