Peter wrote: > No. openSUSE 11.1 (which has been released as the first beta yesterday) > does_include_ SELinux, but it is not enabled by default. And it is just > a "technology preview", so nothing which will be actively supported and no > SELinux rules will be provided with the system. The same holds true for > the upcoming SUSE Linux Enterprise 11.
Brain fart, I meant shipped with is included by default, but not necessarily enabled or with any rules. Ack. > I'd say the reason for having SELinux in SUSE Linux is more due to some > pressure from the US market. People in the US tend to assume there is only > Red Hat and when they hear about other Linux distributions (e.g. SUSE) > they often ask "What about SELinux?". I have heard a couple of times > comments like "if you need to run Linux in a certain environment, there is > no way to do it without SELinux". I don't know if that is true, I suspect > it's not. This argument doesn't hold any weight. Red Hat may be somewhat centric in North America on its certifications, but it's sales and adoption is anything but North American. Over 50% is non-US now, and even the Russians use SELinux. Of course the Russians have their own RHEL build system. ;) > And Novell laid off the whole AppArmor team a couple of months > ago, so ... That is exactly what I was alluding to, but it's not really my place. I have a slight preference for how Red Hat decides to support things, because I feel it's more sustainable. But that is my subjective opinion. > BTW: What about other distributions? Do they include and support SELinux? > Debian, Ubuntu, Mandriva, etc. If they don't, I don't see a reason for > adding this to the exam. LPI claims to be a vendor-neutral certification > but currently it seems to me we are adding more and more Red Hat-specific > stuff. I've heard the term "Red Hat specific" since GLibC 2 was adopted. Reality? There are many things that are allegedly "Red Hat specific" that become the universal default. Why? Well, a lot has to do with Red Hat's utter infiltration into various, core projects. So, as I always correct "Red Hat just gets its way, because it pays people to develop them." SELinux and its MAC/RBAC is not only here to stay, but enterprises are adopting it. Now I _did_ state it should go in the "next revision," not current. That would be 2-3 years from now, and I _did_ mention adoption rates would matter as well when it came up. But SELinux is at the point that it can't be ignored by any vendor claiming to sell a server distribution. Furthermore, being able to identify SELinux on a system is quickly becoming a "real world" skill. I have run into several now that didn't know why things were failing (because the MAC enforcement was stomping on it, hard), and I had to point out why. SELinux is here to stay, especially with the EAL level 4 + specialties it's been able to obtain for a generic OS. Hell, Red Hat's built a little list of exploits that SELinux prevented "out-of-the-box." -- Bryan J Smith - mailto:[EMAIL PROTECTED] http://thebs413.blogspot.com Sent via BlackBerry from T-Mobile
_______________________________________________ lpi-examdev mailing list lpi-examdev@lpi.org http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
