On Wed, 2004-04-28 at 10:05, Jay Daniels wrote: > I will have to catch up on some reading. I thought SELinux was a > modified kernel published by the government! The kernel security framework and module for SELinux are in mainline Linux 2.6. So all 2.6-based Linux distros should at least have the SELinux kernel code. > Why would Fedora even include it or does it just include support for > SELinux? The plan to incorporate SELinux into Fedora Core 2, including the necessary userland and policy integration, was announced long ago. But you have the option to disable it, and it is disabled by default presently. > I do not think most users here would need SELinux. SELinux provides a flexible mechanism for enforcing security policies; you can configure it for your specific security needs. See the paper available from http://www.nsa.gov/selinux/papers/inevit-abs.cfm for a discussion of why such a mechanism is important. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
