Re: SELinux - a call for end-of-life.
- From: Marko Vojinovic <vvmarko@xxxxxxxxx>
- Date: Wed, 1 Sep 2010 15:48:37 +0100
On Wednesday, September 01, 2010 14:31:55 Bruno Wolff III wrote:
On Wed, Sep 01, 2010 at 12:35:14 +0000,
JB <jb.1234abcd@xxxxxxxxx> wrote:
- it has to be simple to be acceptable and understandable by all sys
admins and
Selinux is fundamentally simple. When a process acts on an object, the
label of the process, the label of the object and the action are checked
in a table and either allowed or denied (with optional logging).
+1.
I could even go as far as to say that SELinux is simpler than iptables, both
from fundamental and practical point of view. And they basically serve the
similar purpose, one filters file access, the other filters network access.
It's just that some people are too lazy to read and understand two or three
man pages.
Best, :-)
Marko
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
- Follow-Ups:
- Re: SELinux - a call for end-of-life.
- From: Michael Semcheski
- Re: SELinux - a call for end-of-life.
- References:
- SELinux - a call for end-of-life.
- From: JB
- Re: SELinux - a call for end-of-life.
- From: Bruno Wolff III
- SELinux - a call for end-of-life.
- Prev by Date: Re: SELinux - a call for end-of-life.
- Next by Date: Re: SELinux
- Previous by thread: Re: SELinux - a call for end-of-life.
- Next by thread: Re: SELinux - a call for end-of-life.
- Index(es):
Relevant Pages
|
