|
FreeBSD Security Securing FreeBSD. |
|
Thread Tools | Display Modes |
|
||||
MAC vs Jails: Compartmentalization Issues, Factors, and Considerations
Has anyone here built a FreeBSD system with a comprehensive MAC policy?
Assuming a MAC policy was properly designed to compartmentalize many services, how would performance and load compare to a similar system with those same services each compartmentalized via the jail method? This might be ignorant and far-out beyond the point of being goofy but: Has anyone ever seen a system (is this even possible) with a MAC policy that extends into the graphical user interface in such a way that several desktops could each have a different security context? Any experience, research, speculation, comments, discussion, etc. could be interesting. |
|
|||
Solaris used to allow that on the desktop with Trusted Extensions. I don't know if FreeBSD extends their MAC framework to the extent Sun Microsystems did. My gut tells me it isn't possible.
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
E-commerce set of applications in one or more jails | libertas | FreeBSD Security | 2 | 4th December 2015 08:11 PM |
ezjail, how to remove its /usr/jails | irukandji | FreeBSD Security | 1 | 26th March 2015 05:45 PM |
FreeBSD jails and ezjail | DNAeon | FreeBSD Security | 1 | 25th January 2010 08:53 AM |
Jails for OpenBSD | gpatrick | OpenBSD Security | 12 | 20th November 2009 03:44 AM |
jails, aliasing, router, and dmz? | neurosis | FreeBSD Security | 17 | 7th November 2008 03:47 AM |