On Mon, 21 Feb 2005 20:39:45 +0900, Joel <rees@xxxxxxxxxxx> wrote: > > > The reasons I see for not using SELinux are as follows: > > > > > > One, this is still in-front-of-leading-edge technology. For all that the > > > nsa is a major contributor, it needs a lot of debugging. > > > > Fedora core 3 and RHEL 4 comes with targetted policy enabled by > > default. Sure, it can improve over time but I wouldnt classify those > > as "debugging". > > My apologies for not being more explicit. > > There are several levels of debugging -- code, design, setup, and others. > They feed off of eachother. In this case I was talking more about the > setup processes, and, if I had time and hardware, I'd be helping. the setup process with the default setting does not require any form of debugging at all. > If SELinux were just ACLs, then I would not be interested in even > looking at it. Would it be inaccurate to say, however, that ACLs play a > major role in what SELinux does? selinux works through policy files and extended attributes but ACL are not the major portion > > Or does SELinux implement capabilities already? I am not sure what capabilities you refer to here -- Regards, Rahul Sundaram
