Re: SELinux



On Wed, 2005-09-21 at 16:49 -0300, Henrique de Moraes Holschuh wrote:
> On Wed, 21 Sep 2005, Arvind Autar wrote:
> > is no loss of functionality, why hasn't Debian implemented SELinux as
> > default?
> 
> It is not that simple.  We are doing it slowly.

To flesh that out some:
	Fine-grain security is a *pain* in the arse.  It's not 
easy to do right, and it necessitates vigilance, since adding new
apps very well might mean new or changed MAC rules.

For systems on insecure or restricted/classified networks, it's
wonderful.  For 98% of us, it's too much complexity for not enough
benefit over:
	carefully chosen apps
	turned-off unused daemons
	a good h/w firewall
	strong iptables rules.

-- 
-----------------------------------------------------------------
Ron Johnson, Jr.
Temporarily not of Jefferson, LA USA
PGP Key ID 8834C06B I prefer encrypted mail.

"Everybody today seems to be in such a terrible rush, anxious for
greater developments and greater riches and so on, so that
children have very little time for their parents. Parents have
very little time for each other, and in the home begins the
disruption of peace of the world."
Mother Teresa
