Why do I need SELinux?
Rahul Sundaram
rahulsundaram at gmail.com
Mon Feb 21 12:42:02 UTC 2005
On Mon, 21 Feb 2005 20:39:45 +0900, Joel <rees at ddcom.co.jp> wrote:
> > > The reasons I see for not using SELinux are as follows:
> > >
> > > One, this is still in-front-of-leading-edge technology. For all that the
> > > nsa is a major contributor, it needs a lot of debugging.
> >
> > Fedora core 3 and RHEL 4 comes with targetted policy enabled by
> > default. Sure, it can improve over time but I wouldnt classify those
> > as "debugging".
>
> My apologies for not being more explicit.
>
> There are several levels of debugging -- code, design, setup, and others.
> They feed off of eachother. In this case I was talking more about the
> setup processes, and, if I had time and hardware, I'd be helping.
the setup process with the default setting does not require any form
of debugging at all.
> If SELinux were just ACLs, then I would not be interested in even
> looking at it. Would it be inaccurate to say, however, that ACLs play a
> major role in what SELinux does?
selinux works through policy files and extended attributes but ACL are
not the major portion
>
> Or does SELinux implement capabilities already?
I am not sure what capabilities you refer to here
--
Regards,
Rahul Sundaram
More information about the fedora-list
mailing list