lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20061227204212.GA21393@thunk.org>
Date:	Wed, 27 Dec 2006 15:42:13 -0500
From:	Theodore Tso <tytso@....edu>
To:	Karel Zak <kzak@...hat.com>
Cc:	Arnd Bergmann <arnd@...db.de>, linux-kernel@...r.kernel.org,
	Henne Vogelsang <hvogel@...e.de>, Olaf Hering <olh@...e.de>,
	"H. Peter Anvin" <hpa@...or.com>
Subject: Re: util-linux: orphan

On Wed, Dec 27, 2006 at 08:18:24PM +0100, Karel Zak wrote:
>  Frankly, it wasn't always easy to use SeLinux in previous FC
>  releases, but there is huge progress and I think it's much better in
>  FC6.

I've never tried SELinux, but at one point there were all sorts of
horror stories that if you enabled SELinux, the moment you installed
any 3rd party software packages, whether it's Oracle or Websphere or
some other commercial application program, the application would break
because of all sorts of SELinux policy violations, and that it
required an SELinux wizard to configure SELinux policy to enable a 3rd
party application to actually work correctly.  Given that I tried
enabling SELinux, witnessed things break spectacularly and with no
hints about how to fix things, I've always had the attitude of "life
is too short to enable SELinux", and so my limited experience is
consistent with all of the horror stories that I've heard.

It sounds like SELinux has gotten better, according to your
description.  Will handle arbitrary 3rd party software without running
wild, or is it still the case that the moment you want anything other
than software that was shipped with the distribution, it's "abandon
all hope, all ye who enter here"?

						- Ted


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ