Posted by: Anonymous Coward
on December 12, 2006 10:51 AM
First off, grsecurity is fundamentally different from SELinux. Whereas SELinux attempts to contain Bad Stuff (TM) from spreading throughout the system, grsecurity aims to prevent Bad Stuff (TM) from happening (by stack protection, bounds-checking, randomization, and rootkit prevention) and contain it (through access controls).
Second, grsecurity is much easier to set up than SELinux (though to get the full benefit is very difficult, as your entire userspace must be compiled as position-independent code — a problem for certain large programs like X).
Another thing with SELinux is its use of LSMs, which make visible information about a running kernel that would aid a potential rootkit very much.