Linked by Eugenia Loli-Queru on Sun 11th May 2008 23:48 UTC
Linux has been described as one of the most secure operating systems available, but the National Security Agency (NSA) has taken Linux to the next level with the introduction of Security-Enhanced Linux (SELinux). SELinux takes the existing GNU/Linux operating system and extends it with kernel and user-space modifications to make it bullet-proof. If you're running a 2.6 kernel today, you might be surprised to know that you're using SELinux right now! This article explores the ideas behind SELinux and how it's implemented.
Thread beginning with comment 313845
To view parent comment, click here.
To read all comments associated with this story, please click here.
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:
2005-07-24
It is disturbing that SELinux is being presented essential and a panacea. To read the popular propaganda, you'd think that it was impossible achieve anything better than a security sieve without it. SELinux is an effective, if somewhat complex, tool which provides very fine-grained security. It comes at a cost of some (perhaps unnecessary[1]) complexity, and a bit of performance. There are other solutions which hit a different balance of fine-grainedness vs complexity, including the traditional unix permissions which have served us pretty well over the last few decades before SELinux showed up. I am far from a RedHat basher (I have huge respect for them), but RedHat has been pushing SELinux very hard for their own business reasons, and this has created a vortex which has sucked in many bystanders. Distros and savvy individuals should make their own choices, which make the most sense for their situation.
[1] "The more they over-think the plumbing, the easier it is to stop up the drain."
- Montgomery Scott, Star Trek III: The Search for Spock
Edited 2008-05-12 13:22 UTC