SElinux
Eugen Leitl
eugen at leitl.org
Tue Apr 4 06:58:53 UTC 2006
On Tue, Apr 04, 2006 at 01:51:13AM -0500, Mike McCarty wrote:
> >I guess it's a throw out the baby with the bathwater thing.
>
> [snip]
>
> I consider it throwing out the hogwash. IMO, SELinux is a
> wrong-headed approach to security.
I disagree. Things like SELinux/RSBAC/grsecurity+PaX can add a further
defense layer in system hardening.
However, policies need to be well-maintained in order for it
to work smooth for the end user. Maybe, someday SELinux would
work smoothly in a bleeding edge system like FC (does it work
in RHEL?). That time however is not yet.
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20060404/470892ca/attachment-0001.sig>
More information about the fedora-list
mailing list