> The top brass of Linux community has by now a life-time experience of "what > works and what does not" and should be capable of initiating and rethinking Actually we don't. We have some experience but system wide security is a hard problem. People like the NSA have beens studying it since the 1950s and SELinux is part of that fifty odd years of research - both into formal models of containment and into studying software behaviour and errors. > - it should show various diagnostics (alarms) in real-time, but never interfere > with or prevent a program from execution. Thats a self contradictory goal. If it shows an alarm then the attacker can remove the alarm again before you see it. Also there's not a lot of value in "you have been owned, your data is toast, your hard disk is erased" in many environments. Anyway you are describing SElinux permissive mode. > - it should not interfere with / try to undo any present and standard > UNIX/Linux system security measures Thats SELinux permissive mode (and SELinux btw won't override standard security refusals), if chmod says you can't have it SELinux won't let you at it, it may only additionally bar access (or in permissive mode alarm about it) > - it should be supplementary to existing UNIX/Linux system security Like say SELinux > - it should be self-contained, installable and removable at any time, without > influencing the system That's also self contradictory since adding or removing it must change the behaviour of the system to be useful - eg in reporting alarms as you wanted. Alan -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
