No more selinux-policy-*-sources

Alan Cox alan at redhat.com
Tue Mar 14 16:29:53 UTC 2006


On Tue, Mar 14, 2006 at 04:52:54PM +0100, Dennis Jacobfeuerborn wrote:
> I understand that but if this system that "solves the fundamental problems" 
> is so complex that most people just turn it off then the gain in security 
> you get is pretty much theoretical. Security isn't an all-or-nothing thing 
> and right now there seems to be a chasm between the very basic traditional 

It becomes a packaging problem. For most users SELinux just works and they
take the defaults. The argument you are making is not new btw, the same was
said about firewalling by default years ago and today would be regarded as
deeply silly.

In part the risk model changed, in part the tools improved.

> Unix model and the very secure but extremely complex SELinux. It looks like 
> AppArmor fits in quite well between these two extremes.

Looks pretty, does little? That's not a good combination. I agree entirely
about the lack of easy tool configuration for SELinux.

Anyway, if AppArmor wants to become anything serious it needs to get upstream
and I see no evidence of them even trying to do that. If it gets upstream,
dropping the tools for it into extras is easy.



