selinux eradicator?

Rahul Sundaram sundaram at fedoraproject.org
Fri Jun 29 03:47:13 UTC 2007


Mike McCarty wrote:
> Rahul Sundaram wrote:
>> Mike McCarty wrote:
>>
>>>
>>> No, that was not my argument. My argument is that people are
>>> commenting from a position of conjecture. There is no scientific
>>> conclusive study showing that SELinux unarguably improves
>>> security of machines.
>>
>>
>> There is. SELinux is a MAC security framework and is based on scientific
>> studies over decades which clearly show their advantages. Again read
>> some of the work at NSA SELinux site.
> 
> Mandatory Access Control is not a thing, it is a technique. SELinux
> is a thing, which may or may not be a good implementation of MAC.

There is lots of good evidence that SELinux is a good implementation. An 
example of this is LSPP and RBAC certification of RHEL 5 based on 
SELinux technology. You have zero practical experience with it.

> I have already demonstrated that I have looked, I just disagree
> with you.

You haven't demonstrated that you looked at any of the research since 
you made obviously incorrect speculations about it in your earlier mails.

> It is faith that SELinux will survive at all.

This is too broad a statement and speculative to be meaningful.

> Erm, ADDING SELinux was an intrusive effort, which is now difficult
> to undo.

Nobody claimed it was easy to introduce a fundamental new security 
paradigm. You just prove my point that the effort to not install SELinux 
libraries offers pretty much no advantage over merely enabling or 
disabling it as required.

Rahul



