Glenn Faden, Distinguished Engineer at Sun Microsystems has published this very insightful article about the differences between the Trusted Solaris successor - Solaris Trusted Extensions and Red Hat Enterprise Linux which contains SELinux functionality.
Overview of the Trusted Extensions and RHEL5 LSPP Systems
The Solaris 10 Operating System provides new frameworks for containment (zones), user rights management (roles and authorizations), and process rights management (privileges). The Trusted Extensions software, introduced in the Solaris 10 11/06 OS, extends these frameworks by adding sensitivity labels to provide a mandatory access control (MAC) policy base that implements multilevel security. Since the Trusted Extensions software preserves all the basic Solaris OS functionality, new features added to the Solaris OS are, by definition, compatible with Trusted Extensions.
The Red Hat Enterprise Linux 5 OS includes SELinux, which is a framework for describing a security policy based on security contexts. A security context consists of a user identity, a role, a type, and an optional MLS level or range. The user identity attribute in the security context is independent of the ordinary Linux user identity attributes. The SELinux mandatory access controls remain completely orthogonal to the existing Linux access controls. As a result, a process must pass standard policy controls before anything from the SELinux module applies.
Neither RHEL5 LSPP nor the Solaris 10 11/06 OS enables the use of sensitivity labels by default.
Leave a comment
You must be logged in to post a comment.