No more selinux-policy-*-sources
Arjan van de Ven
arjan at fenrus.demon.nl
Tue Mar 14 14:13:15 UTC 2006
> Not an answer to your question but there's an interesting discussion on
> AppArmor and SELinux in Dan Walsh's blog:
>
> http://danwalsh.livejournal.com/424.html
maybe it's time to accept that SELinux as technology is doomed. Not
because the code is bad, but because it's Just Too Complex(tm).
Complexity kills, and I think the time it is taking to get to the point
where at least less than 99% of the people turns selinux off first thing
is waay too long already.
Maybe it's a matter of focus; sometimes I get the impression the focus
is to give more coverage rather than to get the existing coverage to the
point where people use it... but maybe the later is just so much work
and so time consuming that it takes more time to get it than it takes
the codebase to change again.
More information about the fedora-devel-list
mailing list