On Wed, 2005-09-21 at 16:49 -0300, Henrique de Moraes Holschuh wrote:
> On Wed, 21 Sep 2005, Arvind Autar wrote:
> > is no loss of functionality, why hasn't debian implemented SELinux as
> > default?
>
> It is not that simple. We are doing it slowly.

To flesh that out some:

Fine-grain security is a *pain* in the arse. It's not easy to do
right, and it necessitates vigilance, since adding new apps very
well might mean new or changed MAC rules.

For systems on insecure or restricted/classified networks, it's
wonderful. For 98% of us, it's too much complexity for not enough
benefit over:
  carefully chosen apps
  turned-off unused daemons
  a good h/w firewall
  strong iptables rules.

-- 
-----------------------------------------------------------------
Ron Johnson, Jr.
Temporarily not of Jefferson, LA USA
PGP Key ID 8834C06B I prefer encrypted mail.

"Everybody today seems to be in such a terrible rush, anxious
for greater developments and greater riches and so on, so that
children have very little time for their parents. Parents have
very little time for each other, and in the home begins the
disruption of peace of the world."
Mother Teresa