On Wed, 2005-21-09 at 20:40 +0200, Arvind Autar wrote:
> If SELinux is also suitable for desktop users for example if we look
> at the targeted policy (for Fedora and RHEL) it
> shows that it doesn't restrict users' sessions. Short conclusion, there
> is no loss of functionality, why hasn't Debian implemented SELinux as
> default?

As someone who has spent a lot of time working with FC and the like with SELinux installed on it, I have found the easiest thing to do in such a case is disable it. SELinux introduces a whole lot of problems with applications interacting with each other (case in point, running a web server application that needs to contact a database; SELinux doesn't let this happen, and doesn't log an error anywhere). If Debian were ever to ship with SELinux, I would hope that the default state would be to have it turned off so that things like this would not occur.

If someone can explain to me the benefits of SELinux, I would be very happy to know them, since as of right now I have seen nothing that seems to indicate that SELinux is a good thing.

Again, in my humble opinion, SELinux does not offer an enhanced security environment, it offers a crippled O/S that is hard to debug why certain applications are not running as intended. If you are truly concerned about security, run iptables with several rules designed to lock your system down, only allow access to ports that actually have things running on them and lock it down so only known addresses can access it.

-- 
o) Derek Wueppelmann (o
(D . [EMAIL PROTECTED] D).
((` http://monkey.homeip.net/ ( ) `