Re: ifupdown writes to /etc... a bug?
On Wed, 2 Apr 2003 15:58, Tommi Virtanen wrote:
> On Sun, Mar 23, 2003 at 12:27:54AM +0100, Russell Coker wrote:
> > One thing to consider is that
> > increasing complexity is the enemy of security.
> Heh. And how do you rationalize pushing SE Linux, which tends
> to accumulate huge policies bordering on human comprehension?
SE Linux is based on the LSM interface which only permits restrictive
controls. SE Linux can not allow an operation that is otherwise denied by
Therefore if SE Linux goes wrong the worst-case scenario is that the machine
is equally secure as a machine running a regular Linux kernel.
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page