[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Should selinux be standard?

On Tue, Sep 16 2008, Raphael Geissert wrote:

> There should and will, but only if it used.
> I haven't had neither time nor interest to read the docs to correctly setup
> SELinux. So, the several packages which are installed by default, because
> of priority: standard, are completely useless.

        Packages that are useless to some people are not a very
 interesting set, since I can see some people having no use for some ogf
 the packages below.

Package: telnet
Package: exim4-config
Package: cpp-4.1
Package: g++-4.1
Package: libdns22
Package: python-minimal
Package: console-tools
Package: vim-common
Package: whiptail
Package: python
Package: console-data
Package: file
Package: gcc-4.1

        Indeed, the question is not about utility for everyone, but the
 selection of a set of characteristics for the operating system we are
 creating, such that they prove to be of utility to a larger set of
 people. I think, in this day and age, mandatory security should have a
 low barrier of entry -- so something that is available, installed, and
 just needs minor configuration to enable is better than not having it
 around. And that means not disabling the patches that more and more
 upstreams are incorporating.

        I think we are have a low enough avc denial rates that
 unconfined/permissive already provides value. We are pretty close to
 achieving unconfined/enforcing fo Lenny, and with help from people I
 think we can be there. strict/permissive and strinct/enforcing should
 be doable for squeeze.

The ends justify the means. after Matthew Prior
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/~srivasta/>  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to: