On Nov 28, Christoph Hellwig <hch@lst.de> wrote: > It's just a bad idea of a security model that implements ad-hoc > and mostly path based restrictions instead of an actually verified > security model. Using that by default makes it much harder to actually > use a real MAC based security model, which not only is required for > various security sensitive deployments but also a good idea in general. This may be true, but OTOH nobody cared enough about SELinux to actually make it work out of the box in Debian. So, for the time being I would gladly accept an inferior solution. -- ciao, Marco
Attachment:
signature.asc
Description: PGP signature