
Re: Should selinux be standard?



On Tue, Sep 16 2008, Raphael Geissert wrote:

> There should and will, but only if it is used.
> I have had neither time nor interest to read the docs to correctly set up
> SELinux. So, the several packages which are installed by default, because
> of priority: standard, are completely useless.

        Packages that are useless to some people are not a very
 interesting set, since I can see some people having no use for some of
 the packages below.

Package: telnet
Package: exim4-config
Package: cpp-4.1
Package: g++-4.1
Package: libdns22
Package: python-minimal
Package: console-tools
Package: vim-common
Package: whiptail
Package: python
Package: console-data
Package: file
Package: gcc-4.1

        Indeed, the question is not about utility for everyone, but the
 selection of a set of characteristics for the operating system we are
 creating, such that they prove to be of utility to a larger set of
 people. I think, in this day and age, mandatory security should have a
 low barrier of entry -- so something that is available, installed, and
 just needs minor configuration to enable is better than not having it
 around. And that means not disabling the patches that more and more
 upstreams are incorporating.

        I think we have low enough avc denial rates that
 unconfined/permissive already provides value. We are pretty close to
 achieving unconfined/enforcing for Lenny, and with help from people I
 think we can be there. strict/permissive and strict/enforcing should
 be doable for squeeze.

        manoj
-- 
The ends justify the means. after Matthew Prior
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/~srivasta/>  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

