Re: Updated SELinux Release

2005-01-03 Thread Lorenzo Hernández García-Hierro
Hi Russell, On Mon, 03-01-2005 at 23:53 +1100, Russell Coker wrote: > On Saturday 06 November 2004 02:57, Luke Kenneth Casson Leighton > <[EMAIL PROTECTED]> wrote: > > debian doesn't GIVE users that choice [remember the adamantix > > bun-fight, anyone?] and instead settles for about the l

Re: Updated SELinux Release

2005-01-03 Thread Russell Coker
On Saturday 06 November 2004 02:57, Luke Kenneth Casson Leighton <[EMAIL PROTECTED]> wrote: > debian doesn't GIVE users that choice [remember the adamantix > bun-fight, anyone?] and instead settles for about the lowest possible > common denominator - no consideration to modern security AT ALL!

Re: Updated SELinux Release

2004-11-05 Thread Colin Walters
On Fri, 2004-11-05 at 15:57 +, Luke Kenneth Casson Leighton wrote: > response 3: _is_ it the job of debian developers to dictate the minimum > acceptable security level? It is absolutely Debian's job to provide a baseline level of security by default. Debian doesn't let you install a syste

Re: Updated SELinux Release

2004-11-05 Thread Javier Fernández-Sanguino Peña
(...) > response 3: _is_ it the job of debian developers to dictate the minimum > acceptable security level? yes, it is. But we have to weigh in the needs of our users. We want, after all, our operating system to be used in a large set of environments and some of those might break when enabli

Re: Updated SELinux Release

2004-11-05 Thread Andres Salomon
On Fri, 05 Nov 2004 15:57:52 +, Luke Kenneth Casson Leighton wrote: [...] > response 3: _is_ it the job of debian developers to dictate the minimum > acceptable security level? It is the job of the kernel team to maintain the kernel. That includes ensuring the kernel runs correctly and quic

Re: Updated SELinux Release

2004-11-05 Thread Marco d'Itri
On Nov 05, Stephen Smalley <[EMAIL PROTECTED]> wrote: > Obviously, I'd prefer the default to be selinux=1, but as a temporary > measure to getting SELinux compiled into the Debian kernel at all, I > think it is reasonable to make the boot-time default selinux=0 in their > kernel, as SuSE did with

Re: Updated SELinux Release

2004-11-05 Thread Stephen Smalley
On Fri, 2004-11-05 at 10:11, Colin Walters wrote: > On Fri, 2004-11-05 at 10:28 +, Luke Kenneth Casson Leighton wrote: > > i would agree with stephen that it should be compiled in, > > default options "selinux=no". > > I don't believe Stephen said that. He said that the performance hit in >

Re: Updated SELinux Release

2004-11-05 Thread Luke Kenneth Casson Leighton
On Fri, Nov 05, 2004 at 10:11:01AM -0500, Colin Walters wrote: > On Fri, 2004-11-05 at 10:28 +, Luke Kenneth Casson Leighton wrote: > > On Thu, Nov 04, 2004 at 11:06:06PM -0500, Colin Walters wrote: > > > On Thu, 2004-11-04 at 13:15 +, Luke Kenneth Casson Leighton wrote: > > > > > > > def

Re: Updated SELinux Release

2004-11-05 Thread Colin Walters
On Fri, 2004-11-05 at 10:28 +, Luke Kenneth Casson Leighton wrote: > On Thu, Nov 04, 2004 at 11:06:06PM -0500, Colin Walters wrote: > > On Thu, 2004-11-04 at 13:15 +, Luke Kenneth Casson Leighton wrote: > > > > > default: no. > > > > Why not on by default, > > i would agree with steph

Re: Updated SELinux Release

2004-11-05 Thread Stephen Smalley
On Thu, 2004-11-04 at 23:06, Colin Walters wrote: > Why don't we just run say EROS (http://www.eros-os.org/) instead? A: Because what makes SELinux interesting is that it > can run all of our legacy software. By not shipping it on everywhere, > we're not tapping that ability. Some of us might

Re: Updated SELinux Release

2004-11-05 Thread Luke Kenneth Casson Leighton
On Thu, Nov 04, 2004 at 11:06:06PM -0500, Colin Walters wrote: > On Thu, 2004-11-04 at 13:15 +, Luke Kenneth Casson Leighton wrote: > > > default: no. > > Why not on by default, i would agree with stephen that it should be compiled in, default options "selinux=no". that gives people th

Re: Updated SELinux Release

2004-11-05 Thread Manoj Srivastava
On Fri, 05 Nov 2004 00:40:41 -0500, Andres Salomon <[EMAIL PROTECTED]> said: > Manoj, if you're referring to our conversation earlier on IRC, I > said that I have no personal interest in selinux, but I had no > problems with it being included as long as it's not a significant > performance hit.

Re: Updated SELinux Release

2004-11-05 Thread Manoj Srivastava
On Thu, 04 Nov 2004 23:06:06 -0500, Colin Walters <[EMAIL PROTECTED]> said: > On Thu, 2004-11-04 at 13:15 +, Luke Kenneth Casson Leighton wrote: >> default: no. > Why not on by default, with a targeted policy, for everyone? > SELinux's flexibility allows one to easily turn it off for specifi

Re: Updated SELinux Release

2004-11-04 Thread Andres Salomon
On Thu, 04 Nov 2004 13:15:44 +, Luke Kenneth Casson Leighton wrote: > On Thu, Nov 04, 2004 at 01:02:35AM -0600, Manoj Srivastava wrote: >> On Wed, 03 Nov 2004 21:15:38 -0500, Colin Walters <[EMAIL PROTECTED]> said: >> >> > On Wed, 2004-11-03 at 19:21 +, Dhruv Gami wrote: >> >> Personally

Re: Updated SELinux Release

2004-11-04 Thread Colin Walters
On Thu, 2004-11-04 at 13:15 +, Luke Kenneth Casson Leighton wrote: > default: no. Why not on by default, with a targeted policy, for everyone? SELinux's flexibility allows one to easily turn it off for specific services. There's a lot of value in preventing a compromised or misconfigured sy

[sds@epoch.ncsc.mil: Re: Updated SELinux Release]

2004-11-04 Thread Luke Kenneth Casson Leighton
- Forwarded message from Stephen Smalley <[EMAIL PROTECTED]> - Envelope-to: [EMAIL PROTECTED] Delivery-date: Thu, 04 Nov 2004 16:37:30 + X-Sieve: CMU Sieve 2.2 Subject: Re: Updated SELinux Release From: Stephen Smalley <[EMAIL PROTECTED]> To: Manoj Srivastava <[EMAIL

Re: Updated SELinux Release

2004-11-04 Thread Luke Kenneth Casson Leighton
On Thu, Nov 04, 2004 at 01:02:35AM -0600, Manoj Srivastava wrote: > On Wed, 03 Nov 2004 21:15:38 -0500, Colin Walters <[EMAIL PROTECTED]> said: > > > On Wed, 2004-11-03 at 19:21 +, Dhruv Gami wrote: > >> Personally, i would prefer to have those two tarballs available. I > >> know most people