Re: selinux eradicator?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Mike McCarty wrote:
Rahul Sundaram wrote:
Mike McCarty wrote:


No, that was not my argument. My argument is that people are
commenting from a position of conjecture. There is no scientific
conclusive study showing that SELinux unarguably improves
security of machines.


There is. SELinux is MAC security framework and is based on scientific studies over decades which clearly show their advantages. Again read some of the work at NSA SElinux site.

Mandatory Access Control is not a thing, it is a technique. SELinux
is a thing, which may or may not be a good implementation of MAC.

There is lots of good evidence that SELinux is a good implementation. An example of this is LSPP and RBAC certification of RHEL 5 based on SELinux technology. You have zero practical experience with it.

I have already demonstrated that I have looked, I just disagree
with you.

You haven't demonstrated that you looked at any of the research since you made obviously incorrect speculations about it in your earlier mails.

It is faith that SELinux will survive at all.

This is too broad a statement and speculative to be meaningful.

Erm, ADDING SELinux was an intrusive effort, which is now difficult
to undo.

Nobody claimed it was easy to introduce a fundamental new security paradigm. You just prove my point that the effort to not install SELinux libraries offers pretty much no advantage over merely enabling or disabling it as required.

Rahul


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux