Re: Should selinux be standard?
On Tue, Sep 16 2008, Raphael Geissert wrote:
> There should and will, but only if it used.
> I haven't had neither time nor interest to read the docs to correctly setup
> SELinux. So, the several packages which are installed by default, because
> of priority: standard, are completely useless.
Packages that are useless to some people are not a very
interesting set, since I can see some people having no use for some ogf
the packages below.
Indeed, the question is not about utility for everyone, but the
selection of a set of characteristics for the operating system we are
creating, such that they prove to be of utility to a larger set of
people. I think, in this day and age, mandatory security should have a
low barrier of entry -- so something that is available, installed, and
just needs minor configuration to enable is better than not having it
around. And that means not disabling the patches that more and more
upstreams are incorporating.
I think we are have a low enough avc denial rates that
unconfined/permissive already provides value. We are pretty close to
achieving unconfined/enforcing fo Lenny, and with help from people I
think we can be there. strict/permissive and strinct/enforcing should
be doable for squeeze.
The ends justify the means. after Matthew Prior
Manoj Srivastava <email@example.com> <http://www.debian.org/~srivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C