Has anyone here built a FreeBSD system with a comprehensive MAC policy?
Assuming a MAC policy was properly designed to compartmentalize many services, how would performance and load compare to a similar system with those same services each compartmentalized via the jail method?
This might be ignorant and far-out beyond the point of being goofy, but: Has anyone ever seen a system (is this even possible) with a MAC policy that extends into the graphical user interface in such a way that several desktops could each have a different security context?
Any experience, research, speculation, comments, discussion, etc. could be interesting.