Re: Updated SELinux Release
On Fri, 2004-11-05 at 10:28 +0000, Luke Kenneth Casson Leighton wrote:
> On Thu, Nov 04, 2004 at 11:06:06PM -0500, Colin Walters wrote:
> > On Thu, 2004-11-04 at 13:15 +0000, Luke Kenneth Casson Leighton wrote:
> >
> > > default: no.
> >
> > Why not on by default,
>
> i would agree with stephen that it should be compiled in,
> default options "selinux=no".
I don't believe Stephen said that. He said that the performance hit in
that case is just the LSM hooks.
> that gives people the choice,
It doesn't make sense to make security a "choice". The current Linux
security model is simply inadequate.
http://www.nsa.gov/selinux/papers/inevit-abs.cfm
> without affecting performance.
That's just a bug, and it's being worked on. Personally I don't notice
any performance problems.
> > with a targeted policy, for everyone?
>
> debianites have yet to be convinced of the benefits of
> _anything_ to do with selinux [irrespective of whether they
> are actually _aware_ of its benefits]
That's what we're working on.
Reply to: