Re: swapping

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 01/16/2015 03:45 PM, poma wrote:
> On 16.01.2015 20:35, Daniel J Walsh wrote:
>> On 01/16/2015 01:57 PM, poma wrote:
>>> On 16.01.2015 19:47, Daniel J Walsh wrote:
>>>> On 01/16/2015 07:47 AM, Patrick O'Callaghan wrote:
>>>>> On Fri, 2015-01-16 at 08:28 +0100, Heinz Diehl wrote:
>>>>>> On 16.01.2015, Tim wrote: 
>>>>>>
>>>>>>> Of course *you* do not *use* it, it's there as a protective device
>>>>>>> against *things* on your system.
>>>>>> Any recent Linux distribution can be secured without using selinux.
>>>>>> Selinux requires at least basic knowledge and administration. Most of
>>>>>> the people I installed Linux for didn't even know it was there or what
>>>>>> it's good for.
>>>>> You mean like the fuses in your house or the airbag in your car? When
>>>>> Selinux is working you don't know it's there. When it alerts you it
>>>>> means there's something wrong. I agree that the alerts are not always as
>>>>> clear as they might be, but it's a fallacy to suggest that it doesn't
>>>>> provide benefit.
>>>>>
>>>>> poc
>>>>>
>>>> Here is a case of SELinux protecting your house.
>>>>
>>>> http://danwalsh.livejournal.com/71122.html
>>>>
>>> Not to fall to false sense of security, does SElinux need SElinux?
>>>
>>>
>> SELinux is the kernel, so does the Kernel need the kernel.
>>
> You've probably wanted to write, SELinux is a Linux(kernel) feature.
> But in some another context, the kernel needs the kernel, and not only.
>
>> But theoretically SELinux/Kernel can protect itself.  We can prevent
>> privileged processes (root) from manipulating the SELinux settings.
>>
> Can SELinux, AppArmor and Grsecurity perform together, to achieve an even greater level of security?
>
>
SELinux and AppArmor can not, although there was some effort to allow
multiple LSM's.  Check out discussion on the selinux upstream list.

I have no idea whether Grsecurity and SELinux can run on the same
kernel.  Grsecurity has never been upstreamed.


-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux