Re: Should selinux be standard?
On Mon, 15 Sep 2008 14:48:46 +0200, Josselin Mouette <email@example.com> said:
> Le dimanche 14 septembre 2008 à 12:40 +0200, Frans Pop a écrit :
>> I also feel that SeLinux is not sufficiently tuned for Debian. I
>> don't know what the exact current status is and what has changed
>> since Russell stepped in, but when I tried it last year a lot of
>> additional tuning was needed to get for example normal package
>> upgrades to run cleanly.
> Agreed. Either SELinux is suitable with our default setup and we
> should enable it by default to get all its alleged benefits, or it is
> not, and we should simply not install it.
Since the new default policy seems to be working in targeted
mode, I think we are doing fine.
> Currently, users who want SELinux need to enable it. If we add an
> apt-get to this, it’s not a real burden for them, while the gain is
> real for all others.
Err, not really the case: the default policy seems to be working
fine at level 1 (as defined by Russell), so comparing the situation now
to that of early this year is not really valid.
Having a wonderful wine, wish you were beer.
Manoj Srivastava <firstname.lastname@example.org> <http://www.debian.org/~srivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C