Core 2 SELinux installation
Pete Chown
1 at 234.cx
Fri Apr 30 09:40:05 UTC 2004
Jeremy Katz wrote:
> But you *have* to install some SELinux packages. eg, libselinux is
> always going to end up being installed due to dependencies of other
> packages.
Incidentally Fedora 1 has a similar situation. If you want Postgres,
you have to install krb5-libs, even if you aren't using Kerberos. If
you are going to ship binary packages, you have to turn on all the
options that anyone could want. I guess taken to extremes it would
increase bloat unacceptably, but krb5-libs and the user space SELinux
libraries are not large.
> Because there's not a way to give enough information on what all of
> the ramifications are [of installing SELinux]. And with the current
> state of things, it's thus best to make it an option for people who
> know what they're doing.
I think this is especially true for a new security technology. Most
people's view of security is quite simplistic: they want the bad guys
kept out, without their work being interfered with. If SELinux
interferes with their work, they will turn it off, reasoning that normal
Unix security has kept the bad guys out so far. They are then unlikely
to try it again later however much people tell them that the policy has
been improved.
Pete
More information about the fedora-selinux-list
mailing list