Linked by Thom Holwerda on Wed 5th Mar 2008 09:43 UTC, submitted by diegocg
Sun Solaris, OpenSolaris "OpenSolaris has launched a new project, Flexible Mandatory Access Control, to integrate the Flask/TE security scheme into their OS. This is the same underlying model implemented by SELinux, and follows other cross-platform Flask/TE integration projects such as SEDarwin and SEBSD. This is very exciting in terms of establishing compatible security across operating systems, particularly for Mandatory Access Control, which has traditionally been narrowly focused and generally incompatible. With FMAC, we're closer to seeing truly ubiquitous, cross-platform MAC security."
Thread beginning with comment 303508
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[4]: Trusted Solaris?
by danieldk on Wed 5th Mar 2008 19:11 UTC in reply to "RE[3]: Trusted Solaris?"
danieldk
Member since:
2005-11-18

Well, the 12% (on x86 for reads) to 147% (on SH series processors for writes, and no that's not a typo) cpu overhead of SELinux is rather significant.


That's a too unbalanced statement. 12% overhead on what? As far as I know, the overhead is on certain system calls. Most CPU-intensive applications will relatively only spend very little time in system calls. So, overall, the impact is not that much, while it does give much more security. Seems like a fair trade-off to me.

Reply Parent Score: 2