SELinux removed from desktop cd spin?

Benjamin Kreuter ben.kreuter at
Thu Jan 17 15:08:57 UTC 2008

On Thursday 17 January 2008 09:53:59 Valent Turkovic wrote:
> Are you actually saying that SELinux is security silver bullet?
> If you know anything about security you know that there is no silver
> bullet in security is it always a trade off in usability vs. security.

Which we try to mitigate with "permissive" mode.

> A quick googleing showed that security experts see SELinux like a
> backdor and as a problem just waiting to happed, and they suggest

An even quicker search on Google reveals that RHEL5 with SELinux enabled and 
in enforcing mode has top security marks from the NSA, rivaled only by 
TrustedSolaris 10.

> "As a final note, I follow the logic of the grsecurity team, who claim
> that LSM and SELinux are backdoors waiting to happen."

Any program that provides security is a backdoor waiting to happen.  What is 
your point?  SELinux is meant to secure common exploits in other programs, 
such as Apache trying to write to /etc/passwd.  Could SELinux be vulnerable?  
Sure.  So could your keyboard driver.

-- Benjamin Kreuter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <>

More information about the fedora-devel-list mailing list