Re: Attempts at security
Hendrik Sattler <debian@hendrik-sattler.de> writes:
> And everybody gets the SE Linux overhead if he wants or not?
Which overhead does SE Linux impose to you?
> The current system does not give you perfect security but neither does
> adding SE Linux. Instead, you probably get annoying permission
> problems.
> Name a few guys that really likes to use this on a private machine and some
> real-life improvements that it brings. Hint: "increased security" is not an
> argument.
I consider "increased security" a very valid argument. The DAC security
model is quite outdated now and doesn't really match real world security
concerns most workstations are experiencing today!
> Not being able to change the cause to the better doesn't mean to
> introduce a mess to control the result. And I really hope that Debian
> never considers installing+enabling selinux by default.
IIRC, debian/etch already does already install selinux today without you
even noticing it.
> And always think about the problems that you introduce with such things (and
> almost all you named have such).
I can assure you that the Debian SELinux gurus do.
--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
Reply to: