Re: SELinux Suggestion

["Mumia W.." <paduille.4061.mumia.w+nospam@earthlink.net>]

On 09/21/2007 09:20 PM, Patrick Wiseman wrote:
> On 9/21/07, Mumia W.. <paduille.4061.mumia.w+nospam@earthlink.net> wrote:
> > On 09/21/2007 05:36 PM, Manoj Srivastava wrote:
> > > On Fri, 21 Sep 2007 00:14:29 -0500, Mumia W
> > > <paduille.4061.mumia.w+nospam@earthlink.net> said:
> > >
> > > > I concur. From what I've read, selinux seems complicated and
> > > > Linux-contorting enough to be placed at Debian's periphery--if not
> > > > outside of the perimeter altogether.
> > >         I am trying to make SELinux disappear -- back into the guts of
> > >  the OS where it belongs; and not impinge on end users.  The  mechanism
> > >  is deeper integration, not a kludgey superficial hackkery that causes
> > >  most of the problems you see.
> > >
> > >         manoj
> > Why is selinux in Debian at all?
> >
> > Have any users asked for it?
>
>
> I, for one, would specifically ask that it NOT be a standard feature, so
> please, if it's to be offered at all, make it optional.  I would hate one
> day to find, after doing my routine updating of my testing system, to find
> that functionality had been sacrificed to security (which has been my
> experience with SELinux on RedHat systems at work).
>
> Patrick

(Redirected to the list.)

Read the other messages in the thread. If Debian supports SElinux, 
important, core system libraries must be built with SElinux support.

There is no option to make SELinux optional. Discussion centers around 
how visible it will be.