[Novalug] Selinux: to disable or not

Matt Ryanczak ryanczak@gmail.com
Wed Mar 14 10:01:28 EDT 2012


On 3/14/12 9:45 AM, Peter Larsen wrote:
> Methinks not ;)  At least not with the system administrators I talk to.
> SELinux has more than 10 years behind it now. It is and should be part
> of any server installation you use; and with Fedora I'm even having no
> problems running desktop things with SELinux enabled too. I cannot speak
> to Ubuntu or Arch - personally I think it would be a big mistake not to
> include or enable SELinux in any distribution these days.

Ubuntu comes with AppArmor enabled by default. It's not quite the same as
SELinux but close. I *think* SELinux is an installable. Debian uses
SELinux though I don't think it is enabled by default. I'm pretty sure
Arch does either but neither by default.

IMHO AppArmor is easier to work with. Like any security system it
introduces some pain though. It is also not as feature rich as SELinux.

I think the requirement for this type of security is entirely
dependent on use case. Having some policy-based security and access
control is probably best by default but sometimes the overhead is just
not worth it. Again, just my opinion.


