[Novalug] Selinux: to disable or not

Clif Flynt CLIF@CFLYNT.COM
Wed Mar 14 11:51:14 EDT 2012


On Wed, Mar 14, 2012 at 11:21:49AM -0400, Matt Ryanczak wrote:
> ...
> Its really not clear to me why Ubuntu (and others) chose this over 
> SELinux. Perhaps SELinux has too much .gov stink on it?
> 

  My memory is that Apparmor came out of the SuSE arena about the same
time that  SELinux was coming out of the Govt arena.  I think both were
in response to the need to get Linux certified for secure systems use.

  I recall looking at both of them in the early 2000s, but neither
solved the issue I had at the time - conforming to DoD logging
requirements.  My systems live behind locked doors and nobody
touches them unless they've already got clearance, so the Access
Control stuff wasn't as much of an issue.

  The kernel auditd support that came out of the RH camp solved
my conform-to-requirements problem.  

  Clif
-- 
... Clif Flynt ... http://www.cwflynt.com ... clif@cflynt.com ...
.. Tcl/Tk: A Developer's Guide (3'd edition) - Morgan Kauffman ..
.... 19'th Annual Tcl/Tk Conference:  2012, Chicago, IL  USA ....
.............  http://www.tcl.tk/community/tcl2012/  ............








More information about the Novalug mailing list