Re: No more selinux-policy-*-sources

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Arjan van de Ven wrote:
Not an answer to your question but there's an interesting discussion on AppArmor and SELinux in Dan Walsh's blog: 

http://danwalsh.livejournal.com/424.html



maybe it's time to accept that SELinux as technology is doomed. Not
because the code is bad, but because it's Just Too Complex(tm).
Complexity kills, and I think the time it is taking to get to the point
where at least less than 99% of the people turns selinux off first thing
is waay too long already.
I wouldn't say it's doomed I would just say that it seems focused on addressing needs most users don't have. It should be pitched as a solution to people who have extreme security needs and the resources to support such complex solutions. AppArmor looks more attractive to me because while it may not be perfect at least it's usable and easily understandable compared to selinuxes black wizardry. 

Regards,
  Dennis

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux