
Re: Core 2 SELinux installation



On Fri, 2004-04-30 at 05:40, Pete Chown wrote:
> I think this is especially true for a new security technology.  Most
> people's view of security is quite simplistic: they want the bad guys
> kept out, without their work being interfered with.  If SELinux
> interferes with their work, they will turn it off, reasoning that normal
> Unix security has kept the bad guys out so far.  They are then unlikely
> to try it again later however much people tell them that the policy has
> been improved.

So how would people feel about a separate relaxed policy that allows
everything in the system to run completely unconfined except for a small
set of specific services, e.g. apache, bind, postfix, ...
That would ensure that SELinux wouldn't get in the way of users, while
providing some protection benefit for network-facing services.

-- 
Stephen Smalley <sds epoch ncsc mil>
National Security Agency

