On Sat, Jan 20, 2007 at 09:44:51 -0800, Les <hlhowell@xxxxxxxxxxx> wrote: > > So, please educate my friends and I. What does SELinux do? How does > it do it? Why is it so tightly bound to the OS? And by the way, what > do you want it to do for you? It provides mandatory access to resources based on the context of processes. Access to various contexts for processes is one of the resources that is controlled. Presently it's main use in Fedora is to limit access of services to resources on the computer so that if the service is compromised it will have limited ability to cause damage. There are plenty of places that the NSA could try to sneak bugs into the kernel. There is no particularly good reason to single out SELinux as a place they would do that. The kind of things that SELinux done are not such that the NSA could leave a back door. (The notable exception would be to not properly protect some application they know is compromised, but the rest of the world doesn't.)
