swapping
Andrew R Paterson
andy.paterson at ntlworld.com
Sat Jan 17 11:54:38 UTC 2015
On Friday 16 January 2015 16:31:03 Gordon Messmer wrote:
> On 01/15/2015 11:28 PM, Heinz Diehl wrote:
> > Selinux requires at least basic knowledge and administration. Most of
> > the people I installed Linux for didn't even know it was there or what
> > it's good for.
>
> If you do not use file system permissions for something useful,
> chmod -R a+w /
>
> File system permissions require at least basic knowledge and
> administration. Most of the people I installed Linux for don't even
> know what they're good for.
>
> If your computer is single-user anyway, why does it need a security
> subsystem?
>
>
> *eyeroll*
Having watched this debate I find I must add my own 10c
I have spent over 30 years working on unix systems starting with xenix, bsd
and ending up with linux .....
We survived quite happily using the well known DAC methods of standard UNIX.
(UGO - RWX - setuid etc).
Then I worked on some military systems (high security stuff) and started to use
SOLARIS CMW (Compartentalised Mode Workstation) and DEC MLS (Multi-Level-
Security).
These both use the same (probably not as up to date) MAC security via
labelling as (I guess) selinux.
I can truthfully say I loved UNIX in all its forms until coming across CMW &
MLS and now SELINUX - then basically - I wanted OUT!.
They are horrendous; if you start to use labelling in earnest - absolutely
suicidal!!! - unless you have a real motive - ie you work for the security
services or a bank or something and have a massive amount of time to devote.
Why do the selinux guys have to force MAC onto all linux users - even
hobbyists?
Its getting like some kind of religion!
Andy
Andy
More information about the users
mailing list