[aur-general] TU Application -Thomas Hatch

Thomas S Hatch thatch45 at gmail.com
Wed Jan 5 16:39:11 EST 2011


On Wed, Jan 5, 2011 at 2:33 PM, Martin Peres <martin.peres at free.fr> wrote:

> Le 05/01/2011 22:21, Thomas S Hatch a écrit :
>
>  Oh, it is lower on my list, but I wanted to make SELinux more powerful in
>> Arch too, I am one of the VERY few who not only know how to handle
>> SELinux,
>> and likes to use it :)
>>
> You WHAT? You like to use it? You must be a masochist then ;)
>
> I've been working around and on it for 2 years now and I wouldn't use it
> for any desktop (even though that's what I'm doing at work).
>
> Are you using the targeted mode or the strict one (I'm always using the
> strict mode)?
>

Well of course you have to move in and around it using the strict mode! Do
you know who developed that? The NSA, and don't tell them I said anything,
but I don't trust those guys :)

Personally, I would not use SELinux on a desktop, I think that SELinux is
best suited for machines with static configurations that servers content
often to the open internet. So with that said, SELinux is best for DNS
servers, Mail servers, routers etc.

And the strict policy is too strict, often it thinks that booting is a
security violation!

See what I mean though? Most people don't like it, personally, I do NOT
endorse turning it on by default, I think that that is a bit crazy.


More information about the aur-general mailing list