On 16.01.2015 20:35, Daniel J Walsh wrote:
On 01/16/2015 01:57 PM, poma wrote:
> On 16.01.2015 19:47, Daniel J Walsh wrote:
>> On 01/16/2015 07:47 AM, Patrick O'Callaghan wrote:
>>> On Fri, 2015-01-16 at 08:28 +0100, Heinz Diehl wrote:
>>>> On 16.01.2015, Tim wrote:
>>>>
>>>>> Of course *you* do not *use* it, it's there as a protective
device
>>>>> against *things* on your system.
>>>> Any recent Linux distribution can be secured without using selinux.
>>>> Selinux requires at least basic knowledge and administration. Most of
>>>> the people I installed Linux for didn't even know it was there or
what
>>>> it's good for.
>>> You mean like the fuses in your house or the airbag in your car? When
>>> Selinux is working you don't know it's there. When it alerts you it
>>> means there's something wrong. I agree that the alerts are not always as
>>> clear as they might be, but it's a fallacy to suggest that it
doesn't
>>> provide benefit.
>>>
>>> poc
>>>
>> Here is a case of SELinux protecting your house.
>>
>>
http://danwalsh.livejournal.com/71122.html
>>
> Not to fall to false sense of security, does SElinux need SElinux?
>
>
SELinux is the kernel, so does the Kernel need the kernel.
You've probably wanted to write, SELinux is a Linux(kernel) feature.
But in some another context, the kernel needs the kernel, and not only.
But theoretically SELinux/Kernel can protect itself. We can prevent
privileged processes (root) from manipulating the SELinux settings.
Can SELinux, AppArmor and Grsecurity perform together, to achieve an even greater level of
security?