On Wed, Jan 5, 2011 at 2:33 PM, Martin Peres <martin.peres@free.fr> wrote:
Le 05/01/2011 22:21, Thomas S Hatch a écrit :
Oh, it is lower on my list, but I wanted to make SELinux more powerful in
Arch too, I am one of the VERY few who not only know how to handle SELinux, and likes to use it :)
You WHAT? You like to use it? You must be a masochist then ;)
I've been working around and on it for 2 years now and I wouldn't use it for any desktop (even though that's what I'm doing at work).
Are you using the targeted mode or the strict one (I'm always using the strict mode)?
Well of course you have to move in and around it using the strict mode! Do you know who developed that? The NSA, and don't tell them I said anything, but I don't trust those guys :) Personally, I would not use SELinux on a desktop, I think that SELinux is best suited for machines with static configurations that servers content often to the open internet. So with that said, SELinux is best for DNS servers, Mail servers, routers etc. And the strict policy is too strict, often it thinks that booting is a security violation! See what I mean though? Most people don't like it, personally, I do NOT endorse turning it on by default, I think that that is a bit crazy.