I'm still pretty new to FreeBSD and most of my Linux security experience is just setting basic file permissions and firewall settings. In reading through the FreeBSD Handbook though, I remember being very struck by the contrast between how clean and simple the system as a whole aims to be and how complex the set of security systems seems to be.
For example, Unix file permissions, file flags, ACLs and (possibly?) MAC all seem to have some overlapping or, at least, highly related functionality. The OS comes with PF, IPFW, and IPFILTER and altq and dummynet, which all seem to have related functionality. Then there are a bunch of other systems like MAC, jails, chroot, process accounting, resource limits and auditd. I'm not necessarily saying all of these should be one master security entity, but it seems to me like the amount of distinct and perhaps competing philosophies and interfaces for setting security makes it a lot harder to comprehend the security setup of the system which is both annoying and dangerous. For example, it seems rather difficult for an admin to see all policies (all different permissions, quotas, logging, etc.) related to a particular system action being done. Instead they have to go to a bunch of different, perhaps competing, systems? This, to me, seems to make it likely that an admin might not realize certain loopholes or restrictions if it's all so spread out.
Could anybody here speak to the design decisions that motivated this and how well you think it works in practice to have so many separate security systems?