From: Casey Schaufler <casey@sgi.com>
To: selinux@tycho.nsa.gov
Cc: egoodwin@unimatrix.com
Subject: Re: SGI Challenge XL
Date: Wed, 04 Dec 2002 11:56:51 -0800 [thread overview]
Message-ID: <3DEE5E03.BCA7A357@sgi.com> (raw)
In-Reply-To: 200212021716.58396.russell@coker.com.au
Russell Coker wrote:
>
> On Mon, 2 Dec 2002 14:50, egoodwin@unimatrix.com wrote:
> > Has anyone worked with an SGI Challenge XL server and SE Linux as yet? We
> > would like to bring this server back from retirement and consider this
> > project an excellent reason to do so. While we still have IRIX 6.5.2
> > loaded to the machine, we would rather have it running Linux. Is it
> > possible to patch IRIX's kernel, or should we go with Linux? There is a
> > version of Linux compiled for the Challenge XL, although its not exactly
> > one that is in "active development".
True enough. We don't support Linux on our MIPS platforms, but
we do try to keep an eye out for people doing interesting things
with it. To date, I know of no one who has put SELinux onto a
MIPS platform.
> SE Linux is not going to apply to other OSs without a lot of work.
Give that man the Understatement of the Week Award!
> I suspect that the IRIX kernel may have more in common with FreeBSD than Linux and
> therefore TrustedBSD may be of more use to someone wanting to get a hardened
> IRIX. Of course this requires IRIX source code...
Just an aside, but Irix is "hardened" already. The base OS is
Common Criteria evaluated (that's a good thing) and includes
ACLs, audit, and POSIX capabilties. There's also a "Trusted Irix"
add on (costs extra, and I get credit for it!) with Mandatory Access
Control and the SuperUser removed.
> SE Linux could be ported to MIPS CPUs, and it shouldn't be that difficult.
> But it may be a lot easier to just buy a new Intel machine. A quick google
> search suggests that we're talking about 8yo hardware, it shouldn't be
> difficult to buy a small cluster of Intel machines to deliver greater
> performance (which will probably cost you less than paying someone to port SE
> Linux to MIPS).
Most likely true.
--
Casey Schaufler Manager, Trust Technology, SGI
casey@sgi.com voice: 650.933.1634
casey_p@pager.sgi.com Pager: 877.557.3184
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
prev parent reply other threads:[~2002-12-04 19:57 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-12-02 1:12 automake Joshua Brindle
2002-12-02 13:50 ` SGI Challenge XL egoodwin
2002-12-02 16:16 ` Russell Coker
2002-12-04 19:56 ` Casey Schaufler [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3DEE5E03.BCA7A357@sgi.com \
--to=casey@sgi.com \
--cc=egoodwin@unimatrix.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.