Hi,
You might be talking about grsecurity and PaX [1]. SELinux hooks

through the LSM [2] framework. LSM was designed to be easily enabled

and disabled, so that should be a fundamental flaw. LSM has valid

criticisms [3] [4].
[1]

[2]

[3]

[4] 
Cheers,

      Ed
On 9/23/07, Darrin Chandler  wrote:

quoted text
> On Sat, Sep 22, 2007 at 11:34:33AM -0400, Douglas A. Tutty wrote:

> > Linux has SELinux in its 2.6 kernel and debian has gone ahead and

> > compiled SELinux into the libraries, although the SELinux policies

> > aren't ready on debian yet.  The whole focus seems to be to make Linux

> > "more secure".  I'm not sure what to make of it.  I figure that if you

> > want secure, you switch to OBSD.

> >

> > Could someone who knows both the details of OBSDs security enhancements

> > and the details of SELinux comment?

>

> I don't know all the details, and especially not the SELinux details,

> but that won't stop me from commenting.

>

> Not long ago I was talking with a Linux person about security, and they

> pointed me to a set of patches that did a lot of nifty stuff. Good

> stuff, like the things you find OpenBSD doing. But it's not in the

> mainline kernel, it's a set of patches.

>

> Security should not be grafted on, it should be integrated into the

> main development process. I'm sure the patch maintainers are doing their

> best, but this doesn't change the fundamental flaw in the process. It's

> not a flaw of their making, it's inherent in the situation. But it's

> still a flaw.

>

> Compare that to a complete operating system (OpenBSD) where security is part of

> code quality, and part of the normal mainline development.

>

> --

> Darrin Chandler            |  Phoenix BSD User Group  |  MetaBUG

> dwchandler@stilyagin.com   |  http://phxbug.org/      |  http://metabug.org/

> http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation