Linked by Thom Holwerda on Wed 5th Mar 2008 09:43 UTC, submitted by diegocg
Sun Solaris, OpenSolaris "OpenSolaris has launched a new project, Flexible Mandatory Access Control, to integrate the Flask/TE security scheme into their OS. This is the same underlying model implemented by SELinux, and follows other cross-platform Flask/TE integration projects such as SEDarwin and SEBSD. This is very exciting in terms of establishing compatible security across operating systems, particularly for Mandatory Access Control, which has traditionally been narrowly focused and generally incompatible. With FMAC, we're closer to seeing truly ubiquitous, cross-platform MAC security."
Thread beginning with comment 303493
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Trusted Solaris?
by binarycrusader on Wed 5th Mar 2008 14:12 UTC in reply to "RE: Trusted Solaris?"
binarycrusader
Member since:
2005-07-06

It is a port of SELinux. Specifically a port of the pre-GPL version.

Trusted Solaris has been abandoned for various reasons (it was always way behind Solaris, hard to maintain, etc) and not all Sun customers were happy with trusted extensions.


I don't know where you got your information, but it is wrong.

Contrary to your assertion that Trusted Solaris was abandoned, all of its technology has instead been integrated into the main release. In addition, if you actually take the time to read many discussions on opensolaris.org about the Trusted Extensions it brought, you would see that government customers especially liked them.

So, I assert that your source of information needs review.

Edited 2008-03-05 14:21 UTC

Reply Parent Score: 7

RE[3]: Trusted Solaris?
by Method on Wed 5th Mar 2008 14:55 in reply to "RE[2]: Trusted Solaris?"
Method Member since:
2006-05-15

I don't know where you got your information, but it is wrong.

Contrary to your assertion that Trusted Solaris was abandoned, all of its technology has instead been integrated into the main release. In addition, if you actually take the time to read many discussions on opensolaris.org about the Trusted Extensions it brought, you would see that government customers especially liked them.

So, I assert that your source of information needs review.


Right, So Trusted Solaris technology hasn't been integrated into the main release. One of the main things that was dropped from Trusted Solaris is fine grained labeling (which some Sun people claim is unnecessary). Trusted Extensions simply does not do the same thing that Trusted Solaris did. I have personal knowledge of ex-Sun customers that found Trusted Extensions inadequate for their uses.

Granted many components of Trusted Solaris has been brought into Trusted Extensions (e.g., trusted X, labeled networking, etc). I may have been a little harsh by saying 'abandoned' and for that I apologize.

Reply Parent Score: 3

RE[4]: Trusted Solaris?
by binarycrusader on Wed 5th Mar 2008 16:12 in reply to "RE[3]: Trusted Solaris?"
binarycrusader Member since:
2005-07-06

"I don't know where you got your information, but it is wrong.

Contrary to your assertion that Trusted Solaris was abandoned, all of its technology has instead been integrated into the main release. In addition, if you actually take the time to read many discussions on opensolaris.org about the Trusted Extensions it brought, you would see that government customers especially liked them.

So, I assert that your source of information needs review.


Right, So Trusted Solaris technology hasn't been integrated into the main release.
"

No, technology from Trusted Solaris has been integrated into the main release. Maybe not the GA release yet (though I thought it was) though.

One of the main things that was dropped from Trusted Solaris is fine grained labeling (which some Sun people claim is unnecessary). Trusted Extensions simply does not do the same thing that Trusted Solaris did. I have personal knowledge of ex-Sun customers that found Trusted Extensions inadequate for their uses.


Regardless of personal knowledge of such things, it's hardly news that some folks find certain technology inadequate for their uses. Some people like things, some don't. Some people have their needs met, some don't.

Just as many people find SELinux inadequate for their needs. I certainly do. I absolutely despise SELinux and believe it to be the worst thing ever. Maybe the concept is great, but the implementation in most GNU/Linux distributions is horrid and unusable.

Granted many components of Trusted Solaris has been brought into Trusted Extensions (e.g., trusted X, labeled networking, etc). I may have been a little harsh by saying 'abandoned' and for that I apologize.


That was my main point. Sun engineers took the "best of breed" technology from Trusted Solaris and integrated it. Trusted Solaris, to the engineers, was really just Solaris + Trusted Extensions from what I've been told.

Reply Parent Score: 3

RE[4]: Trusted Solaris?
by Elektronkind on Fri 7th Mar 2008 01:21 in reply to "RE[3]: Trusted Solaris?"
Elektronkind Member since:
2006-09-22

The Trusted Solaris extensions got integrated into Solaris with Solaris 10 Update 3.

I know this well because I had to fix the Solaris OpenAFS client driver because it directly molested a cred_t and the TS integration changed the size of that Private struct, and that broke binary compatibility in OpenAFS driver. ddi_cred(9F) to the rescue... that's what OpenAFS should have used in the first place.

Yes, Method needs to get his/her sources straight. Binarycrusader is correct. "Trusted Solaris" ceased being a separate product and its functionality was folded into Solaris 10 proper. This is why you don't see a "Trusted Solaris 10" product... because it is Solaris 10.

Edited 2008-03-07 01:25 UTC

Reply Parent Score: 2