[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SELinux should be off by default in FC3

On Thu, 2004-10-07 at 12:40, David Hollis wrote:
> Not to put SELinux in bad company, but the level of security provided by
> SELinux is very similar to what is provided by the Windows NT/XP
> security system and that doesn't seem to bother people too much.  Of
> course, MS essentially turns it off to prevent that!

AFAIK, Windows does not provide mandatory access control. ACLs != MAC.

> If you find that
> SELinux doesn't work in your environment due to various reasons, it is
> quite easy to disable it though a much better alternative would be to
> work with the RH folks to get it to work properly in your environment.
> And don't forget - that may mean changing some of YOUR practices to make
> it work.

Or alternatively, customize the policy to fit your needs.  That is why
SELinux is flexible - because no single policy meets everyone's needs.

Stephen Smalley <sds epoch ncsc mil>
National Security Agency

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]