Re: No more selinux-policy-*-sources

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Mar 14, 2006 at 04:52:54PM +0100, Dennis Jacobfeuerborn wrote:
> I understand that but if this system that "solves the fundamental problems" 
> is so complex that most people just turn it off then the gain in security 
> you get is pretty much theoretical. Security isn't an all-or-nothing thing 
> and right now there seems to be chasm between the very basic traditional 

It becomes a packaging problem. For most users SELinux just works and they
take the defaults. The argument you are making is not new btw, the same was
said about firewalling by default years ago and today would be regarded as
deeply silly.

In part the risk model changed, in part the tools improved

> Unix model and the very secure but extremely complex SELinux. It looks like 
> AppArmor fits in quite well between these two extremes.

Looks pretty, does little ? Thats not a good combination. I agree entirely
about the lack of easy tool configuration for SELinux.

Anyway if AppArmor wats to become anything serious it needs to get upstream
and I see no evidence of them even trying to do that. If it gets upstream
dropping the tools for it into extras is easy

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux