swapping
poma
pomidorabelisima at gmail.com
Fri Jan 16 20:45:43 UTC 2015
On 16.01.2015 20:35, Daniel J Walsh wrote:
>
> On 01/16/2015 01:57 PM, poma wrote:
>> On 16.01.2015 19:47, Daniel J Walsh wrote:
>>> On 01/16/2015 07:47 AM, Patrick O'Callaghan wrote:
>>>> On Fri, 2015-01-16 at 08:28 +0100, Heinz Diehl wrote:
>>>>> On 16.01.2015, Tim wrote:
>>>>>
>>>>>> Of course *you* do not *use* it, it's there as a protective device
>>>>>> against *things* on your system.
>>>>> Any recent Linux distribution can be secured without using selinux.
>>>>> Selinux requires at least basic knowledge and administration. Most of
>>>>> the people I installed Linux for didn't even know it was there or what
>>>>> it's good for.
>>>> You mean like the fuses in your house or the airbag in your car? When
>>>> Selinux is working you don't know it's there. When it alerts you it
>>>> means there's something wrong. I agree that the alerts are not always as
>>>> clear as they might be, but it's a fallacy to suggest that it doesn't
>>>> provide benefit.
>>>>
>>>> poc
>>>>
>>> Here is a case of SELinux protecting your house.
>>>
>>> http://danwalsh.livejournal.com/71122.html
>>>
>> Not to fall to false sense of security, does SElinux need SElinux?
>>
>>
> SELinux is the kernel, so does the Kernel need the kernel.
>
You've probably wanted to write, SELinux is a Linux(kernel) feature.
But in some another context, the kernel needs the kernel, and not only.
> But theoretically SELinux/Kernel can protect itself. We can prevent
> privileged processes (root) from manipulating the SELinux settings.
>
Can SELinux, AppArmor and Grsecurity perform together, to achieve an even greater level of security?
More information about the users
mailing list