Re: SELinux - way of the future or good idea but !!!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



>
> This is where, as a sysadmin, you need to invest just a little time and
> effort learning the system. Honestly, the vast majority of issues are
> trivial to solve if you just spend a few hours reading the docs/guides,
> and even if you really can't be bothered there are kind folks on this
> list (and others) that will likely solve your issues for you. How is
> that not worth the extra security SELinux affords?
>

In reality, I am not at all sure that a quantum leap in complexity
adds to security at all. Any proper use of old-school group
permissions can give as finely-grained a security policy as you would
like.
The time spent running SELinux in permissive mode to configure could
better be spent looking for holes in the operating system, or helping
patch the many bugs that the speedy Linux development schedule lets
through:

http://lwn.net/Articles/409954/

And then we could have real security, and not a false sense of
security generated by heavy-sounding phrases like "mandatory access
controls." :-)
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux