Re: Core 3 Release 1 - SELinux is activated by default

From: Terry Linhardt (linhardt_at_swbell.net)
Date: 07/17/04

  • Next message: Jeff Vian: "Re: dual-booting without GRUB or LILO" 
    To: For users of Fedora Core releases <fedora-list@redhat.com>
Date: Fri, 16 Jul 2004 20:46:59 -0500

    On Fri, 2004-07-16 at 17:55, Jason L Tibbitts III wrote:
    > >>>>> "TL" == Terry Linhardt <linhardt@swbell.net> writes:
    >
    > TL> My sense is that the SELinux version remains something of interest
    > TL> for only a sub-set of users.
    >
    > I think security is of interest to the vast majority of users. Or are
    > you of the opinion that the security we have currently is all the
    > security we need?

    Jason, thank you for the feedback. No, without a doubt I believe efforts
    should be made to increase security. If I didn't believe that, I would
    advocate using another company's OS <smile>.
    >
    > TL> That being the case, why turn it on by default for individuals who
    > TL> may not desire to use/test it?
    >
    > This is a test release. If you don't desire to test things, why are
    > you using a test release?

    Look, I was suggesting something for consideration. The rationale is
    that many individuals don't care to get "entangled" in SELinux at this
    time. There are plenty of other things to be tested. Now, I'll accept
    that the case can be made that the configuration can be readily changed
    via a drop-down box, and an individual should know what they are doing
    when they accept a "default" (which is to implement SELinux). However,
    my sense is that when something is implemented which requires some
    different admin techniques then the default should be to "not
    implement."

    But you know, I could even be wrong. :)

    Terry
    >
    > - J<
    > 

    -- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
  • Next message: Jeff Vian: "Re: dual-booting without GRUB or LILO"

    Relevant Pages

    • Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
      ... Would there be a reason to implement floating labels in SELinux? ... In this case fireflier would need to do only this: ... To have all tasks assigned a security structure, ... * A task has accessed this file, add the task's SID to the group SID of ...
      (Linux-Kernel)
    • Re: ssh -X shop problem...
      ... outside security is delegated to the x86 version of DD-WRT. ... If this install would have Just Workedfrom the gitgo, ... Then yesterday there was a whole gaggle of selinux related stuff that yum ... PAM security session: Success ...
      (Fedora)
    • Re: Root access removed
      ... >>A little bit if time spent on education is much better in the long run ... >proper rennet mixture for curdling, oleo versus diary mixture to meet USDA ... >This is again where a well-configured SELinux setup will solve many problems. ... >technologies should be thought of as ways to improve both security of the ...
      (Fedora)
    • Re: Penalty of SELinux?
      ... Debian has SELinux, although Ubuntu now has ... security, in my opinion -- since it is oh so very easily ... People in the security field believe that pathnames are an ... used for DAC. ...
      (Debian-User)
    • Re: AppArmor FAQ
      ... don't require changing applications. ... modified to be SELinux aware - only a small handful of security aware ... bits in addition to ACLs or an SELinux label. ... understanding both SELinux policies and AppArmor profiles is ...
      (Linux-Kernel)