> > Its a bit like asking for a car to come with automatic or manual > > transmission. It isn't a last minute extra you fit like a headrest its > > intrinsic to the very build of the system. > > I guess you missed my comment (easy to do in this thread) that > HAD IT BEEN DONE RIGHT at the start, it would be much easier than > trying to retrofit now. It was done right from the beginning at least unless you mean Linus should have adopted a non-Unix MAC type security model from 0.01 ? Security models are not add-ons. They require the underlying design is properly compartmentalised and divided. You cannot make a system with an insecure design secure by adding things (just ask Microsoft). > By your own count, there are something like 50 apps which > are SELinux aware, along with some libraries, and the kernel. > These would need different versions, one SELinux, one not Why ? The few code paths executed in the selinux=0 boot case are not interesting and do no harm. Alan
