SELinux should be off by default in FC3
Felipe Alfaro Solana
felipe_alfaro at linuxmail.org
Thu Oct 7 18:52:55 UTC 2004
On Oct 7, 2004, at 18:40, David Hollis wrote:
> Not to put SELinux in bad company, but the level of security provided
> by
> SELinux is very similar to what is provided by the Windows NT/XP
> security system and that doesn't seem to bother people too much. Of
> course, MS essentially turns it off to prevent that!
That's esentially wrong. Windows does support Discretionary Access
Control which, althogh it's a little bit more advanced than UNIX DAC,
it's not Mandatory Access Control. Don't get confused: SELinux is
Mandatory Access Control, while uid/gid/masks are Discretionary Access
Control.
They are such different beasts: With DAC, permissions over resources
are managed by their owners (root or users). In a MAC-based system, a
policy governs how the system security behaves, and the policy is set
up by an administrator and obeyed by everyone.
More information about the fedora-devel-list
mailing list