SELinux should be off by default in FC3
Stephen Smalley
sds at epoch.ncsc.mil
Thu Oct 7 17:00:09 UTC 2004
On Thu, 2004-10-07 at 12:40, David Hollis wrote:
> Not to put SELinux in bad company, but the level of security provided by
> SELinux is very similar to what is provided by the Windows NT/XP
> security system and that doesn't seem to bother people too much. Of
> course, MS essentially turns it off to prevent that!
AFAIK, Windows does not provide mandatory access control. ACLs != MAC.
> If you find that
> SELinux doesn't work in your environment due to various reasons, it is
> quite easy to disable it though a much better alternative would be to
> work with the RH folks to get it to work properly in your environment.
> And don't forget - that may mean changing some of YOUR practices to make
> it work.
Or alternatively, customize the policy to fit your needs. That is why
SELinux is flexible - because no single policy meets everyone's needs.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-devel-list
mailing list