No more selinux-policy-*-sources

Bruno Wolff III bruno at wolff.to
Tue Mar 14 16:07:56 UTC 2006


On Tue, Mar 14, 2006 at 15:13:15 +0100,
  Arjan van de Ven <arjan at fenrus.demon.nl> wrote:
> 
> maybe it's time to accept that SELinux as technology is doomed. Not
> because the code is bad, but because it's Just Too Complex(tm).
> Complexity kills, and I think the time it is taking to get to the point
> where at least less than 99% of the people turns selinux off first thing
> is waay too long already.

I would expect that for FC4 very few people would have a problem with the
targeted policy. I had some issues on my web server, because I was doing
some nonstandard things. However the benefit of limiting the damage from
security bugs in services exposed to the internet makes this a very good
trade off.

I agree that the documentation seems lacking. I have read through a fair
amount of what is available and am developing an understanding of the model,
but I am nowhere near being able to write policies from scratch.

Personally, I find SELinux interesting and I will be playing with MCS and MLS
in FC5. I will also try to get some practice writing policies for commercial
software that I don't trust not to phone home. (Currently I run such software
as a separate user and have my firewall block any nonlocal traffic. But this
is a pain.)



