As
noted at SELinux News, OpenSolaris has
launched a new project,
Flexible Mandatory Access Control (FMAC), to integrate the
Flask/TE security scheme into their OS. This is the same underlying model implemented by SELinux, and follows other cross-platform Flask/TE integration projects such as
SEDarwin and
SEBSD.
This is very exciting in terms of of establishing compatible security across operating systems, particularly for Mandatory Access Control, which has traditionally been narrowly focused and generally incompatible. With FMAC, we're closer to seeing truly ubiquitous, cross-platform MAC security.
I'll be interested to see how they approach the integration, with the opportunity to learn lessons from the SELinux experience.
It'll also be great to have an expanded TE/Flask community. According to their
project page, areas of work include improving usability (we can never have enough of that), desktop integration via
XACE, integration with Xen (presumably via
XSM),
Labeled NFS, and Labeled IPSec. It seems they already have a separate project for the latter,
txipsec.
I'll be watching with great interest, and would like to offer any assistance in ensuring interoperability with SELinux.