FS#31448 - [linux] Enable SELinux by default
Attached to Project:
Arch Linux
Opened by جاك الفضة (jacksilver) - Friday, 07 September 2012, 00:03 GMT
Last edited by Dave Reisner (falconindy) - Friday, 07 September 2012, 00:09 GMT
Opened by جاك الفضة (jacksilver) - Friday, 07 September 2012, 00:03 GMT
Last edited by Dave Reisner (falconindy) - Friday, 07 September 2012, 00:09 GMT
|
Details
Description:
SE(Security Enhanced) Linux is a security feature in the Linux kernel. It is enabled by default in distributions like Fedora and RedHat Enterprise Linux. SELinux provides more fine grained access control compared to traditional file permissions. A centralized policy determines which software can access what resources. One of the main benefit of SELinux is that it gives you the ability to secure processes from each other within the system. For example, if you have a web server on the Internet which is also serving Email and DNS then you would not want a vulnerability in the web server process allowing the attacker access to corrupt your DNS server. The main drawback is a litte cost in performance see eg http://www.phoronix.com/scan.php?page=article&item=fedora_15_selinux&num=1 |
This task depends upon
Closed by Dave Reisner (falconindy)
Friday, 07 September 2012, 00:09 GMT
Reason for closing: Won't implement
Additional comments about closing: A million times no.
Friday, 07 September 2012, 00:09 GMT
Reason for closing: Won't implement
Additional comments about closing: A million times no.
No. This will not happen. This is a large burden, requiring recompiling of many core packages for selinux support, providing policies, and would represent a major shift in the distro.