Re: Core 2 SELinux installation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2004-04-30 at 05:40, Pete Chown wrote:
> I think this is especially true for a new security technology.  Most
> people's view of security is quite simplistic: they want the bad guys
> kept out, without their work being interfered with.  If SELinux
> interferes with their work, they will turn it off, reasoning that normal
> Unix security has kept the bad guys out so far.  They are then unlikely
> to try it again later however much people tell them that the policy has
> been improved.

So how would people feel about a separate relaxed policy that allows
everything in the system to run completely unconfined except for a small
set of specific services, e.g. apache, bind, postfix, ...
That would ensure that SELinux wouldn't get in the way of users, while
providing some protection benefit for network-facing services.

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux