selinux is a pain
Craig White
craigwhite at azapple.com
Sun Sep 25 02:43:26 UTC 2011
On Sat, 2011-09-24 at 21:19 -0300, Martin Cigorraga wrote:
> Hi Andreas,
> "SELinux has wasted too much time of my life over the years,
> so I decided to no longer use it. I keep my computers up to date
> and configure them properly. If that isn't enough, bad luck."
>
> You shoudn't have any problems at all... c'on, it's GNU/Linux! Even a
> local
> firewall is obsolete depending on what will be your system used for :D
> And as you say SELinux is intrinsically complicated and bloated. If
> you
> ever need such type of protection try Tomoyo, something between
> SELinux and Apparmor but better and actively developed.
----
don't know about tomoyo. Have some experience with apparmor on Ubuntu
(seems weak / barely implemented / easily defeated) and of course
SELinux.
It seems that the team working on SELinux has substantially grown, the
tools have matured, the processes more deeply identified and the support
greatly enhanced and thus by any definition... actively developed.
Your choice not to use it is of course your own but I can assure you
that it is indeed possible to use it, create a reasonably effective
security layer through it with a minimum level of difficulty - or at
least a manageable level of difficulty if you are pre-disposed to
creating files in one location and moving them to an entirely different
location which is certain to create contextual problems.
Craig
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the users
mailing list