Re: Making SELinux standard for etch

On (08/10/06 17:22), Uwe Hermann wrote:
> Hi,
> On Sat, Oct 07, 2006 at 10:36:25PM +0100, James Westby wrote:
> >   If you have exim installed, you must either install postfix or write an
> >   exim policy, as none currently exists. 
> > 
> > Is this still the case? It seems that it would be odd to install it by
> > default if the default MTA is not supported (I'm not trying to trigger
> > that particular debate).
> Yes, I think that's still the case. However, it shouldn't be a real
> problem. You just won't have any extra protection for exim (so it's as
> secure or insecure as if no SELinux was there at all), but all the other
> daemons and programs on your system will still profit from SELinux.

Ok, this seems reasonable.

Does it stop you from using enforcing mode? 

If so it seems odd to say "SELinux is installed on your system by
default, in order to activate it just do ... but if you want it to
actually stop some exploits, rather than just giving you information you
have to do the above, and turn on enforcing mode, and remove exim and
install postfix and set it up to your liking." 

Apologies for pushing that a bit far, but I wish to question the sense
of installing it by default if this much has to be done to make use of
it, when it sounds like it is very easy to install it.

If I am wrong about this then great, and I support it being emphasised
as a feature of etch, even if it is too late to have it installed by


