Re: Updated SELinux Release

To: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
Cc: Manoj Srivastava <manoj.srivastava@stdc.com>, selinux@tycho.nsa.gov, debian-devel@lists.debian.org
Subject: Re: Updated SELinux Release
From: Colin Walters <walters@verbum.org>
Date: Fri, 05 Nov 2004 10:11:01 -0500
Message-id: <[🔎] 1099667461.25416.27.camel@nexus.verbum.private>
In-reply-to: <[🔎] 20041105102853.GA5565@lkcl.net>
References: <1099496380.1213.111.camel@moss-spartans.epoch.ncsc.mil> <Pine.LNX.4.58.0411031908500.12297@d10systems.homelinux.com> <1099534538.3875.6.camel@nexus.verbum.private> <87k6t2qepg.fsf@glaurung.internal.golden-gryphon.com> <[🔎] 20041104131544.GC5461@lkcl.net> <[🔎] 1099627566.25416.6.camel@nexus.verbum.private> <[🔎] 20041105102853.GA5565@lkcl.net>

On Fri, 2004-11-05 at 10:28 +0000, Luke Kenneth Casson Leighton wrote:
> On Thu, Nov 04, 2004 at 11:06:06PM -0500, Colin Walters wrote:
> > On Thu, 2004-11-04 at 13:15 +0000, Luke Kenneth Casson Leighton wrote:
> > 
> > >  default: no.
> > 
> > Why not on by default, 
> 
>  i would agree with stephen that it should be compiled in,
>  default options "selinux=no".

I don't believe Stephen said that.  He said that the performance hit in
that case is just the LSM hooks.

>  that gives people the choice, 

It doesn't make sense to make security a "choice".  The current Linux
security model is simply inadequate.

http://www.nsa.gov/selinux/papers/inevit-abs.cfm

> without affecting performance.

That's just a bug, and it's being worked on.  Personally I don't notice
any performance problems.

> > with a targeted policy, for everyone?  
> 
>  debianites have yet to be convinced of the benefits of
>  _anything_ to do with selinux [irrespective of whether they
>  are actually _aware_ of its benefits]

That's what we're working on.

Reply to:

Follow-Ups:
- Re: Updated SELinux Release
  - From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
- Re: Updated SELinux Release
  - From: Stephen Smalley <sds@epoch.ncsc.mil>

References:
- Re: Updated SELinux Release
  - From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
- Re: Updated SELinux Release
  - From: Colin Walters <walters@verbum.org>
- Re: Updated SELinux Release
  - From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>

Prev by Date: Re: Compiling in SELinux in the default kernels
Next by Date: Re: mozilla-*-locale-* packages?
Previous by thread: Re: Updated SELinux Release
Next by thread: Re: Updated SELinux Release
Index(es):
- Date
- Thread