Res wrote:
On Fri, 21 Sep 2007, Ralf Corsepius wrote:
If SELinux was such an "terrific and compelling approach", upstream
Linux and other distros would have adopted it _years ago_ with standing
ovations - Fact is: Nobody did.
=> This is developers and maintainers having doubts on SELinux.
Ralf
Well put. Most of us in charge of ISP's, OSP's etc, wont touch it,
because it has given many people in many companies, in many places
around the world, many headaches, which I guess is why most DC's I've
known to run RH, have all but 1 dumped it in moves to either Slackware
or Debian, and if the suggestion made by someone that Debian is going
I'm not suggesting it, I'm STATING IT CATEGORICALLY:
[QUOTE MODE ON]
Debian SELinux support
The Debian packaged Linux kernels have had SELinux support compiled in
(but disabled by default) since version 2.6.9. In order to activate
SELinux the parameter selinux=1 must be passed to the kernel when
booting. Alternatively, you can compile your own kernel with SELinux
enabled by default.
The SELinux support is in constant flux, so it is generally recommended
that you use an up-to-date installation of unstable if you want to
experiment with SELinux (for instance, the Debian packaged kernels did
not include "audit" support until version 2.6.13).
In addition to kernel modifications, several user-space application need
to be modified to support SELinux properly. Patched versions of these
should be in Debian unstable by now.
[QUOTE MODE OFF]
Original at http://wiki.debian.org/SELinux
Note that there is a difference between not having SELinux, and having
SELinux, but disabled.
Hmm, Slackware doesn't have it yet. That would be better than LFS.
Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!