David Leimbach wrote:
It (SELINUX) was easily turned off with a switch in a conf file, but it's such a pain in the ass, I don't know why it's in a "FC" style distribution at all.
The bigger question, which I can't quite figure out yet, is does selinux provide some magic dust that in turn provides a level of security not attainable any other way (i.e. in something like Plan 9) ... or, is it a set of hacks to cover for an obsolete way of doing things. I am tending toward thinking the latter, now that I've worked with it a bit. Watch the discussions on labeling files, it's interesting, because the label namespace seems to be fragmenting already.
ron
