No more selinux-policy-*-sources
Dennis Jacobfeuerborn
d.jacobfeuerborn at conversis.de
Tue Mar 14 14:24:45 UTC 2006
Arjan van de Ven wrote:
>> Not an answer to your question but there's an interesting discussion on
>> AppArmor and SELinux in Dan Walsh's blog:
>>
>> http://danwalsh.livejournal.com/424.html
>
>
> maybe it's time to accept that SELinux as technology is doomed. Not
> because the code is bad, but because it's Just Too Complex(tm).
> Complexity kills, and I think the time it is taking to get to the point
> where at least less than 99% of the people turns selinux off first thing
> is waay too long already.
I wouldn't say it's doomed I would just say that it seems focused on
addressing needs most users don't have. It should be pitched as a solution
to people who have extreme security needs and the resources to support such
complex solutions. AppArmor looks more attractive to me because while it
may not be perfect at least it's usable and easily understandable compared
to selinuxes black wizardry.
Regards,
Dennis
More information about the fedora-devel-list
mailing list