Re: SELinux

[Mike McCarty <mike.mccarty@sbcglobal.net>]

Arvind Autar wrote:
> Helllo,
>
> I have been using debian for quite some time now, how ever I have
> watched several distrobutions implentating so many great ideas, and I
> have been wondering why such a robust distorbution as debian
> GNU/Linux(*) hasn't done this. One of them is:
>
> SELinux
>
> If SELinux is also suitable for desktop users for example if we look
> at the targeted policy (for fedora and RHEL) it
> shows that it doesn't restrict users sessions. Short conclusion, there
> is no loss  of functionality, why hasn't debian implented SELinux as
> default?

Over in the Fedora lists, quite a number of the defects are related
to SELinux. I've noticed that enabling SELinux took away quite a bit
of functionality, not by design, but by defect.

If it gets added to Debian, I suggest that it be shipped disabled.

Frankly, unless one is running an Apache server or the like, I see
no usefulness in it. And even if one runs a server like Apache,
who is to say that SELinux doesn't add as many exploitable defects
as holes it plugs, if not more?

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!