Linked by Thom Holwerda on Wed 19th Mar 2008 22:58 UTC, submitted by diegocg
Thread beginning with comment 305807
RE: Debian already has this?
by sbergman27 on Thu 20th Mar 2008 11:24
in reply to "Debian already has this?"
I'd just automatically disable it during install on the later releases, so I'm not really qualified to say if it's still getting in the way on anything newer than Fedora 6.
Even "disabled", it's still impacting performance unless you manually add "selinux=0" to your kernel boot string. SELinux is kind of like lice. Once your machine is infested, it's very difficult to really get rid of it.
RE[2]: Debian already has this?
by h3rman on Thu 20th Mar 2008 11:34
in reply to "RE: Debian already has this?"
Even "disabled", it's still impacting performance unless you manually add "selinux=0" to your kernel boot string. SELinux is kind of like lice. Once your machine is infested, it's very difficult to really get rid of it.
I sense a little dichotomy here. If it's as simple as adding selinux=0 to your kernel boot string, where's the "very difficult" bit?
Not a rhetorical question, I frankly have no idea of kernel level SELinux mechanisms.
RE[2]: Debian already has this?
by Crono on Thu 20th Mar 2008 16:28
in reply to "RE: Debian already has this?"
RE: Debian already has this?
by h3rman on Thu 20th Mar 2008 11:29
in reply to "Debian already has this?"
No you're not, because SELinux troubleshooting has been further refined all the time since Fedora 6.
Although one might argue that most desktop users don't really need SELinux, I have never disabled it on either CentOS or Fedora; the system tells you what's going on if something's going on, so there's no immediate need to just disable it.
There's a lot of myths around SELinux, and frankly, the NSA is the last institution on earth that I would ever trust, but it is sort of actually manageable on recent Fedora systems. Red Hat is investing in this, obviously, so it will be even more manageable in RHEL 6.
Debian has had SELinux packages in the repositories for a long time now, but for some reason Ubuntu had gone with AppArmor instead.
Though I've never tried actually setting SELinux up in Debian, every time I had tried Fedora, I ended up disabling it, because it was just annoying me. But that was a few releases ago, and I'd just automatically disable it during install on the later releases, so I'm not really qualified to say if it's still getting in the way on anything newer than Fedora 6.