Tim ignored_mailbox@yahoo.com.au wrote:
Sent: Aug 31, 2010 5:30 AM To: Community support for Fedora users users@lists.fedoraproject.org Subject: Re: SELINUX
On Tue, 2010-08-31 at 00:15 +0000, JB wrote:
Well, if selinux is the best that happened to security since sliced bread, then why people make these comments ?
Because people like to bitch, particularly the ignorant ones.
Maybe because SeLinux is harder than hell to configure, if your favorite application is not already configured. This is BY DESIGN to prevent 'ordinary' users from mucking around in it.
Why do security people think they have the ability to dictate to application writers that they use specialized API's or write arcane security policies?
Gee, that's a tough one. Probably because security people know more about security than non-security-aware programmers...
Bingo. Maybe it is also so that they write more secure code as well.
If you are on the Internet, SeLinux is a great product which is designed to give you enhanced, but not perfect, security.
Now that's my dime on this. I don't run SeLinux, my system is not networked. That is MY decision. If it ever becomes networked, SeLinux, ip tables and a bunch of other stuff is going on it first.
James McKenzie SSCP 367830