swapping

Daniel J Walsh dwalsh at redhat.com
Wed Jan 21 14:26:24 UTC 2015


On 01/16/2015 03:45 PM, poma wrote:
> On 16.01.2015 20:35, Daniel J Walsh wrote:
>> On 01/16/2015 01:57 PM, poma wrote:
>>> On 16.01.2015 19:47, Daniel J Walsh wrote:
>>>> On 01/16/2015 07:47 AM, Patrick O'Callaghan wrote:
>>>>> On Fri, 2015-01-16 at 08:28 +0100, Heinz Diehl wrote:
>>>>>> On 16.01.2015, Tim wrote: 
>>>>>>
>>>>>>> Of course *you* do not *use* it, it's there as a protective device
>>>>>>> against *things* on your system.
>>>>>> Any recent Linux distribution can be secured without using SELinux.
>>>>>> SELinux requires at least basic knowledge and administration. Most of
>>>>>> the people I installed Linux for didn't even know it was there or what
>>>>>> it's good for.
>>>>> You mean like the fuses in your house or the airbag in your car? When
>>>>> SELinux is working you don't know it's there. When it alerts you it
>>>>> means there's something wrong. I agree that the alerts are not always as
>>>>> clear as they might be, but it's a fallacy to suggest that it doesn't
>>>>> provide benefit.
>>>>>
>>>>> poc
>>>>>
>>>> Here is a case of SELinux protecting your house.
>>>>
>>>> http://danwalsh.livejournal.com/71122.html
>>>>
>>> Not to fall into a false sense of security, does SELinux need SELinux?
>>>
>>>
>> SELinux is the kernel, so does the kernel need the kernel?
>>
> You probably wanted to write: SELinux is a Linux (kernel) feature.
> But in some other context, the kernel needs the kernel, and not only.
>
>> But theoretically SELinux/Kernel can protect itself.  We can prevent
>> privileged processes (root) from manipulating the SELinux settings.
>>
> Can SELinux, AppArmor and Grsecurity perform together, to achieve an even greater level of security?
>
>
SELinux and AppArmor cannot, although there was some effort to allow
multiple LSMs.  Check out the discussion on the selinux upstream list.

I have no idea whether Grsecurity and SELinux can run on the same
kernel.  Grsecurity has never been upstreamed.



