Jason White <[email protected]> writes:

> Trent W. Buck <[email protected]> wrote:
>> Robin Humble <[email protected]> writes:
>
>> > Android 4.3 has started using selinux. Do we really trust android
>> > vendors to be on top of complex selinux configs or would we be better
>> > off with it err, off?
>>
>> If you're running Frobozz distro and you don't trust Frobozz, Inc. to
>> get security right, maybe you should pick a different distro.
>
> Agreed. Further, turning SELinux off is going to make security worse, because
> in that case no mandatory access controls are applied at all. Even if there's
> a bug in a policy that permits an operation which should not be allowed, the
> policy is still going to prevent numerous other potentially undesirable
> accesses.

Having said that, if he's concerned about SELinux complexity, he should
compile Linux without SELinux (rather than compiling it in and then
disabling it) -- or run a simpler kernel entirely (e.g. OpenBSD's).
