FS#31448 - [linux] Enable SELinux by default

Attached to Project: Arch Linux
Opened by جاك الفضة (jacksilver) - Friday, 07 September 2012, 00:03 GMT
Last edited by Dave Reisner (falconindy) - Friday, 07 September 2012, 00:09 GMT
Task Type: Feature Request
Category: Packages: Extra
Status: Closed
Assigned To: No-one
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Description:

SE (Security Enhanced) Linux is a security feature in the Linux kernel. It is enabled by default in distributions like Fedora and Red Hat Enterprise Linux. SELinux provides more fine-grained access control compared to traditional file permissions. A centralized policy determines which software can access what resources.

One of the main benefits of SELinux is that it gives you the ability to secure processes from each other within the system. For example, if you have a web server on the Internet which is also serving email and DNS, then you would not want a vulnerability in the web server process allowing the attacker access to corrupt your DNS server.

The main drawback is a little cost in performance; see e.g.
http://www.phoronix.com/scan.php?page=article&item=fedora_15_selinux&num=1

Closed by Dave Reisner (falconindy)
Friday, 07 September 2012, 00:09 GMT
Reason for closing: Won't implement
Additional comments about closing: A million times no.
Comment by Dave Reisner (falconindy) - Friday, 07 September 2012, 00:09 GMT
> The main drawback is a little cost in performance

No. This will not happen. This is a large burden, requiring recompiling of many core packages for selinux support, providing policies, and would represent a major shift in the distro.
