Re: SELinux Suggestion

To: debian-user@lists.debian.org
Subject: Re: SELinux Suggestion
From: Manoj Srivastava <srivasta@ieee.org>
Date: Sun, 23 Sep 2007 14:56:44 -0500
Message-id: <[🔎] 87ejgpkver.fsf@anzu.internal.golden-gryphon.com>
Mail-followup-to: debian-user@lists.debian.org
References: <[🔎] 46F33D0D.7030407@sbcglobal.net> <[🔎] 46F35335.3040303@earthlink.net> <[🔎] 87myvfhci4.fsf@anzu.internal.golden-gryphon.com> <[🔎] 46F4665E.7020002@earthlink.net> <a94352370709211920n1de2facfx6024a92187f38a40@mail.gmail.com> <[🔎] 46F47EB6.4000001@earthlink.net> <[🔎] 873ax7b2py.fsf@anzu.internal.golden-gryphon.com> <[🔎] 46F61063.8080604@gol.com>

On Sun, 23 Sep 2007 16:06:11 +0900, Takehiko Abe <keke@gol.com> said: 

> Manoj Srivastava wrote:
>> That is not the case. All core libraries and packages have already
>> been patched and are functional in Etch.  You did not even notice it,
>> because they are optional.

> libselinux and libsepol are required and are not optional.

        And, while present, there is no change in behaviour unless
 special action is taken to activate SELinux functionality. The
 libraries are small; considering the sizes of libraries that large
 segments of users do not use that are part of the base, I do not think
 this is unreasonable space and memory utilization. 
--8<---------------cut here---------------start------------->8---
__> ll -h /lib/libse*
100K -rw-r--r-- 1 root root  91K 2007-07-06 21:00 /lib/libselinux.so.1
172K -rw-r--r-- 1 root root 161K 2007-07-06 21:07 /lib/libsemanage.so.1
248K -rw-r--r-- 1 root root 240K 2007-07-06 21:01 /lib/libsepol.so.1
--8<---------------cut here---------------end--------------->8---

> I bet that selinux is of no use for majority of us. I wish the patches
> to be left as seperate patches. Those who need selinux wouldn't
> object. A special destribution would be even better -- "Debian
> Enterprise".

        I think better security is useful for every one of us; but that
 is not the question here.  Debian is about giving the widest range of
 options to our users; and while that means sometimes the distribution
 carries changes that are only useful to a subset of the users, the
 choices are still there for those that want them.

        We try or best to minimize the impact on people who do not want
 to use optional functionality, and in this case, we have tried to make
 the SELinux as non-intrusive as possible for people who are not using
 it.

        I am planning on a special distribution when SELinux support
 gets far enough along -- A Debian SELinux custom distribution; where
 SELinux support shall be installable fully  configured and in enforcing
 mode.

        manoj
-- 
If you don't drink it, someone else will.
Manoj Srivastava <srivasta@acm.org> <http://www.golden-gryphon.com/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to:

Follow-Ups:
- Re: SELinux Suggestion
  - From: Alex Samad <alex@samad.com.au>

References:
- SELinux Suggestion
  - From: Mike McCarty <Mike.McCarty@sbcglobal.net>
- Re: SELinux Suggestion
  - From: "Mumia W.." <paduille.4061.mumia.w+nospam@earthlink.net>
- Re: SELinux Suggestion
  - From: Manoj Srivastava <srivasta@ieee.org>
- Re: SELinux Suggestion
  - From: "Mumia W.." <paduille.4061.mumia.w+nospam@earthlink.net>
- Re: SELinux Suggestion
  - From: "Mumia W.." <paduille.4061.mumia.w+nospam@earthlink.net>
- Re: SELinux Suggestion
  - From: Manoj Srivastava <srivasta@ieee.org>
- Re: SELinux Suggestion
  - From: Takehiko Abe <keke@gol.com>

Prev by Date: Re: SELinux Suggestion
Next by Date: replacing simple auth in slapd with saslauthd
Previous by thread: Re: SELinux Suggestion
Next by thread: Re: SELinux Suggestion
Index(es):
- Date
- Thread