Good points. Far as SELinux and grsec combined, it might help if you know what Type Enforcement is really supposed to do in practice. It's not just isolation like rule-based control. The most powerful things about it were "assured pipelines" that could deal with transitive issues or force things to happen somewhat in order.
LOCK platform still kicks its successors' (esp Linux + SELinux) asses in many ways despite time passed. Just shows how little mainstream learns from the past or even present in terms of secure stuff in academia. Hope you enjoy the LOCK and CHERI designs if not FLASK, of which I'm not a fan either.
Relevant papers for it here:
https://news.ycombinator.com/item?id=10522894