Two systems for MAC are apparmor and selinux. A third option is grsec rbac, but since it's unclear at this point whether sandstorm will even run on a grsec-patched kernel (and even if it does, relying on a grsec hardened kernel limits hosting options) let's focus on the first two at least for now.
I'm leaning towards apparmor for the following reasons:

- It's much better supported in the Debian world
- It's less work to understand, set up, and maintain
- Even though we can't write a profile for Sandstorm itself, I don't think we'd get much benefit if we could [1]

So let's install/configure profiles for other important processes attached to the network.
[1] The big advantage of selinux for us is that we might be able to write a selinux profile for sandstorm, but we cannot with apparmor because apparmor is file path based and sandstorm needs to be able to use 'mount', which can bypass any file path based restrictions.

BUT, sandstorm is the process that will be directly managing all of our users' data... so confining with selinux will not limit any of that access if sandstorm itself is compromised. The only potential gain is that an attacker that compromises sandstorm might not be able to install a rootkit or otherwise mess with the server.
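An added illustration, not part of the original issue or of the Sandstorm project: a Debian-style AppArmor profile for a hypothetical network-facing daemon at `/usr/sbin/exampled` (the binary, its config, state and log paths, and the service name are all assumptions), of the kind the issue proposes for the processes that remain confinable. It also ties in the footnote's caveat: for a daemon that has no business mounting anything, the profile denies `mount` and `CAP_SYS_ADMIN` outright, so the path-based mediation cannot be sidestepped the way it could be for Sandstorm itself.

```apparmor
# Added example profile (not from the original issue or the Sandstorm project).
# Install as /etc/apparmor.d/usr.sbin.exampled on a Debian host with the
# apparmor and apparmor-utils packages. /usr/sbin/exampled and its config,
# state and log paths are placeholders for a real network-facing daemon.
#include <tunables/global>

/usr/sbin/exampled {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  # Only the capabilities a daemon that binds a privileged port and then
  # drops privileges actually needs; everything not listed is denied.
  capability net_bind_service,
  capability setuid,
  capability setgid,

  # Listening socket: TCP over IPv4/IPv6 and nothing else (no raw, no packet).
  network inet stream,
  network inet6 stream,

  # The binary itself, read-only configuration, writable state and logs.
  /usr/sbin/exampled mr,
  /etc/exampled/ r,
  /etc/exampled/** r,
  owner /var/lib/exampled/** rw,
  owner /var/log/exampled/*.log w,
  owner /run/exampled/exampled.pid rw,

  # Path-based rules are only as good as the namespace the process sees: a
  # process allowed to mount could alias a forbidden path under a permitted
  # one. This daemon never needs that, so deny it explicitly and get an audit
  # record if it is attempted (needs kernel support for AppArmor mount rules;
  # on kernels without it these rules are not enforced).
  deny capability sys_admin,
  deny mount,
  deny umount,
  deny pivot_root,

  # No execute (x) rules are granted, so any attempt by the daemon to spawn
  # another binary is refused and logged.
}
```

On Debian the workflow is: load it with `apparmor_parser -r /etc/apparmor.d/usr.sbin.exampled`, run the service for a while under `aa-complain /usr/sbin/exampled` so missing accesses are logged rather than blocked, fold the logged accesses into the profile with `aa-logprof`, then switch to `aa-enforce /usr/sbin/exampled` and confirm with `aa-status`. Once enforcing, kernel log lines containing `apparmor="DENIED"` for this profile are the thing to alert on: a legitimate daemon whose profile has been tuned should produce none, so each one is either a profile gap or the process doing something it was never meant to do.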