Selinux and Compiz

Ben Gamari (FOSS) bgamari at gmail.com
Sun Oct 26 19:17:58 UTC 2008


Jerry Amundson wrote:
> On Sun, Oct 26, 2008 at 10:13 AM, Bruno Wolff III <bruno at wolff.to> wrote:
>   
>> On Sat, Oct 25, 2008 at 18:59:12 -0500,
>>  Jerry Amundson <jamundso at gmail.com> wrote:
>>     
>>> Yep, I say leave the question out of the installer, and default it to
>>> *disabled*.
>>>       
>> Disabled is the worst of the three options because you will need to do a
>> relabel if you ever turn it back on. And you don't get useful logs of any
>> problems.
>>     
>
> I repeat. I think disabled is the best option for the largest
> audience. Overall, the majority of time spent re-labeling occurs when
> we disable selinux in firstboot.
> No selinux. No problems. Everything else that needs to be logged gets logged.
>
> Very simple. Disable SElinux by default. Enable it (at firstboot,
> etc.) if you want it. The world becomes a better computing place. :)
>
> jerry
>   

Or we can simply decide that sticking our collective head in the sand is
not an option when it comes to security, leave it enabled, and fix the
remaining issues. There is no reason why SELinux needs to cause any
issues in the vast majority of cases. Sure, if you are running a poorly
tested/proprietary configuration (e.g. NVidia blob) then you will
probably not have a completely glitch-free experience. However,
degrading the security of the entire platform to cater to a small subset
of users is simply not acceptable.

Security-wise, we in the Linux community have been extremely lucky
thus far. We represent a small percentage of Internet users and thus
desktop exploits aren't particularly prevalent. However, if and when
Linux becomes a sizeable player on the desktop/end-user space, we are
going to have far greater security issues. Look at Windows. Even without
considering the brain-dead security defaults, Windows XP is a security
nightmare. Many of the issues that Windows has with malware could be
mitigated with proper containment through MAC. Giving any application or
service open access to anything on the system is a recipe for disaster.
The fact is, the least-privilege principle simply can't realistically be
implemented using only a primitive user/group privilege system. A
perception that Linux is weak in security will only further hamper
future adoption.

We have already seen early indications of the remarkable power that
containment holds. To disable SELinux by default would be to remove a
vital part of our security subsystem. Nobody can deny that there are
still issues, but these can be fixed and once they are, the result will
be a more secure computing environment for all.

- Ben
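As an added example (not part of the thread, and not Fedora's own tooling), a short POSIX shell script that illustrates Bruno's point about logging: in permissive or enforcing mode the audit log records AVC denials that can be triaged, while in disabled mode nothing is recorded and files created meanwhile go unlabeled. The config snippets and audit lines are constructed samples; the contexts and paths in them are illustrative, not taken from a real system.

```shell
#!/bin/sh
# Constructed audit.log excerpt (not real denials): two identical denials
# against a device node and one execmem denial, plus a non-AVC record.
SAMPLE_LOG='type=AVC msg=audit(1225047478.101:41): avc:  denied  { read write } for  pid=1201 comm="Xorg" path="/dev/nvidia0" dev=tmpfs ino=9001 scontext=system_u:system_r:xserver_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file
type=AVC msg=audit(1225047478.102:42): avc:  denied  { execmem } for  pid=1201 comm="Xorg" scontext=system_u:system_r:xserver_t:s0 tcontext=system_u:system_r:xserver_t:s0 tclass=process
type=AVC msg=audit(1225047478.103:43): avc:  denied  { read write } for  pid=1201 comm="Xorg" path="/dev/nvidia0" dev=tmpfs ino=9001 scontext=system_u:system_r:xserver_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1225047478.103:43): arch=c000003e syscall=2 success=yes exit=7'

# selinux_mode: read an /etc/selinux/config-style file on stdin and print the
# effective SELINUX= value (last uncommented assignment wins).
selinux_mode() {
    sed -n 's/^[[:space:]]*SELINUX=\([a-z]*\).*/\1/p' | tail -n 1
}

# summarise_avc: read audit records on stdin, keep only AVC denials, and print
# one line per distinct (source type, target type, class, permissions) with a
# count, most frequent first. This is the kind of triage permissive mode makes
# possible; with SELINUX=disabled there are no AVC records to summarise.
summarise_avc() {
    grep '^type=AVC' |
    sed -n 's/.*{ \([^}]*\) } .*scontext=[^:]*:[^:]*:\([^:]*\):.* tcontext=[^:]*:[^:]*:\([^:]*\):.* tclass=\([a-z_]*\).*/\2 \3 \4 {\1}/p' |
    sort | uniq -c | sort -rn
}

# Stand-alone demonstration on the constructed config and log.
mode=$(printf 'SELINUX=permissive\nSELINUXTYPE=targeted\n' | selinux_mode)
echo "configured mode: $mode"
if [ "$mode" = disabled ]; then
    # Files created while disabled carry no labels; re-enabling needs a full
    # relabel (on Fedora, touch /.autorelabel and reboot) and no denials were logged.
    echo "disabled: no AVC records; re-enabling requires a filesystem relabel"
else
    echo "denials recorded; summary by source type, target type, class, perms:"
    printf '%s\n' "$SAMPLE_LOG" | summarise_avc
fi
```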
