On Sun, 2005-08-21 at 14:57 -0400, AragonX wrote: > <quote who="Paul Howarth"> > > I'd still say so. Unless one "security feature" is complete subset of > > another one, using that feature should enhance security (i.e. the more > > layers of defences the better). > > > > Regarding SELinux, I'd still try to get to grips with it if I was you > > (if not now, as a longer-term project). It's actively supported in > > Fedora and is only likely to get better and easier to manage as time > > goes on. I found http://fedora.redhat.com/docs/selinux-apache-fc3/ to be > > a very useful guide, including tips on customising policy. > > Well, since SELinux and LIDS both provide ACLs, they offer basically the > same type of security. I do not believe it's possible or even reasonable > to have two ACL systems at the same time. > > In addition to the problem with complexity, SELinux has licensing issues > that make it less desirable. Check here: > > http://security.linux.com/security/05/03/11/2313226.shtml Hmm, interesting! Paul. -- Paul Howarth <paul@xxxxxxxxxxxx>
