[Novalug] Selinux: to disable or not
Matt Ryanczak
ryanczak@gmail.com
Wed Mar 14 10:01:28 EDT 2012
On 3/14/12 9:45 AM, Peter Larsen wrote:
> Methinks not ;) At least not with the system administrators I talk to.
> SELinux has more than 10 years behind it now. It is and should be part
> of any server installation you use; and with Fedora I'm even having no
> problems running desktop things with SELinux enabled too. I cannot speak
> to Ubuntu or Arch - personally I think it would be a big mistake by not
> including nor enabling SELinux in any distribution these days.
Ubuntu comes with apparmor enabled by default. Its not quite the same as
Selinux but close. I *think* selinux is an installable. Debian uses
seliux though I don't think it is enabled by default. I'm pretty sure
Arch does either but none by default.
imho apparmor is easier to work with. Like any security system it
introduces some pain though. it is also not as feature rich as selinux.
I think the requirement for for this type of security is entirely
dependent on use case. Having some policy based security and access
control is probably best by default but sometimes the overhead is just
not worth it. Again, just my opinion.
More information about the Novalug
mailing list