> 1. Base Linux is not C2 certified
That could be fixed... (right?) Filesystems returning data past the
end of what the user wrote might be a big problem though -- this must
be guaranteed even in obscure corner cases.
> 2. C2 is obsolete
Obsolete or not, it is mandatory for some people. No check box,
no purchase order (or no certificate of operation.)
> 3. NSA SELinux can do the needed stuff from scanning the code
But will it get merged?
> 4. Even then data erasure is not guaranteed because of the drive logic
People who really care require the drive be reduced to pieces small
enough to fit through a sieve with ~2mm holes in it before it leaves
their sight. For the rest, overwrite of the swap data is a useful if
not 100% reliable step to take. Legitimate users with servers locked
up in secure areas don't really worry about someone unplugging the box
and walking away with it either.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to email@example.com
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/