SELINUX
James Mckenzie
jjmckenzie51 at earthlink.net
Tue Aug 31 14:34:42 UTC 2010
Tim <ignored_mailbox at yahoo.com.au> wrote:
>Sent: Aug 31, 2010 5:30 AM
>To: Community support for Fedora users <users at lists.fedoraproject.org>
>Subject: Re: SELINUX
>
>On Tue, 2010-08-31 at 00:15 +0000, JB wrote:
>> Well, if selinux is the best that happened to security since sliced bread, then
>> why people make these comments ?
>
>Because people like to bitch, particularly the ignorant ones.
>
Maybe because SeLinux is harder than hell to configure, if your favorite application is not already configured. This is BY DESIGN to prevent 'ordinary' users from mucking around in it.
>> Why do security people think they have the ability to dictate to
>> application writers that they use specialized API's or write arcane
>> security policies?
>
>Gee, that's a tough one. Probably because security people know more
>about security than non-security-aware programmers...
>
Bingo. Maybe it is also so that they write more secure code as well.
If you are on the Internet, SeLinux is a great product which is designed to give you enhanced, but not perfect, security.
Now that's my dime on this. I don't run SeLinux, my system is not networked. That is MY decision. If it ever becomes networked, SeLinux, ip tables and a bunch of other stuff is going on it first.
James McKenzie
SSCP 367830
More information about the users
mailing list