On 17 Jan 2015, at 14:10, poma <pomidorabelisima(a)gmail.com>
wrote:
> On 17.01.2015 12:54, Andrew R Paterson wrote:
>> On Friday 16 January 2015 16:31:03 Gordon Messmer wrote:
>>> On 01/15/2015 11:28 PM, Heinz Diehl wrote:
>>> Selinux requires at least basic knowledge and administration. Most of
>>> the people I installed Linux for didn't even know it was there or what
>>> it's good for.
>>
>> If you do not use file system permissions for something useful,
>> chmod -R a+w /
>>
>> File system permissions require at least basic knowledge and
>> administration. Most of the people I installed Linux for don't even
>> know what they're good for.
>>
>> If your computer is single-user anyway, why does it need a security
>> subsystem?
>>
>>
>> *eyeroll*
> Having watched this debate I find I must add my own 10c
> I have spent over 30 years working on unix systems starting with xenix, bsd
> and ending up with linux .....
> We survived quite happily using the well known DAC methods of standard UNIX.
> (UGO - RWX - setuid etc).
> Then I worked on some military systems (high security stuff) and started to use
> SOLARIS CMW (Compartentalised Mode Workstation) and DEC MLS (Multi-Level-
> Security).
> These both use the same (probably not as up to date) MAC security via
> labelling as (I guess) selinux.
> I can truthfully say I loved UNIX in all its forms until coming across CMW &
> MLS and now SELINUX - then basically - I wanted OUT!.
> They are horrendous; if you start to use labelling in earnest - absolutely
> suicidal!!! - unless you have a real motive - ie you work for the security
> services or a bank or something and have a massive amount of time to devote.
> Why do the selinux guys have to force MAC onto all linux users - even
> hobbyists?
> Its getting like some kind of religion!
>
> Andy
>
> Andy
Perhaps it's more pragmatic, something like
Free feEDback frOm useRs Arangement
F ED O R A
by Red Hat for the purposes of RHEL,
and there lies a profit, right.
Without it, maybe you could say Grsecurity is optimal model for Fedora.
--
users mailing list
users(a)lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct:
http://fedoraproject.org/code-of-conduct
Guidelines:
http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away:
http://ask.fedoraproject.org