On 7/18/06, Ronald G Minnich <[email protected]> wrote:
David Leimbach wrote:
> It (SELINUX) was easily turned off with a switch in a conf file, but
> it's such a pain in the ass, I don't know why it's in a "FC" style
> distribution at all.
The bigger question, which I can't quite figure out yet, is does selinux
provide some magic dust that in turn provides a level of security not
attainable any other way (i.e. in something like Plan 9) ... or, is it a
set of hacks to cover for an obsolete way of doing things. I am tending
toward thinking the latter, now that I've worked with it a bit. Watch
the discussions on labeling files, it's interesting, because the label
namespace seems to be fragmenting already.
ron
It's very clearly add-on technology to make up for something people
felt was unmanageable in Unix. However do we really need both ACLs
and SELINUX contexts? Do our files really need to have named hidden
data to store this crap in?
I've honestly not read any papers justifying the need for ACLs or
SELINUX controls.
I suddenly miss DOS.
Dave
