On Thu, 2004-10-07 at 12:40, David Hollis wrote: > Not to put SELinux in bad company, but the level of security provided by > SELinux is very similar to what is provided by the Windows NT/XP > security system and that doesn't seem to bother people too much. Of > course, MS essentially turns it off to prevent that! AFAIK, Windows does not provide mandatory access control. ACLs != MAC. > If you find that > SELinux doesn't work in your environment due to various reasons, it is > quite easy to disable it though a much better alternative would be to > work with the RH folks to get it to work properly in your environment. > And don't forget - that may mean changing some of YOUR practices to make > it work. Or alternatively, customize the policy to fit your needs. That is why SELinux is flexible - because no single policy meets everyone's needs. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
