fedoraproject.org — Thanks to continuing improvements to SELinux, it is increasingly easy for users to take advantage of this powerful security tool. Read on to find an interview with Daniel Walsh, the principal developer of SELinux, where he tells us more about what SELinux does and how it's improved in Fedora 8. At the end of the article are some screenshots.
Nov 20, 2007 View in Crawl 4
mmcgrathNov 20, 2007
I have to say its too bad SELinux was introduced as it was. My first experiences with it were so poor that for a long time I just turned it off. Thats not the case anymore, its gotten easier to understand and easier to configure.
schestowitzNov 20, 2007
I was at the point where I had to use the CLI a few days ago, only to allow SSH connections from the outside. Maybe it's time to look at Fedora again. :-)
mariuzNov 21, 2007
it's still security trough obscurity and complexity
xjamesmNov 21, 2007
Yep, it is a pity, but there was no way that SELinux could have been delivered in a perfect state with both ease of use and high security -- this is extremely difficult stuff, and hasn't even been done before in a generally available OS with millions of general purpose users. SELinux had to be introduced iteratively, with a real feedback loop from users, and quite possibly the only way this is even achievable at all is because of open source.(I'm an SELinux developer...)
harrybauzoniaNov 21, 2007
Your comment prompted me to enable it (just now) on my ftp server. I've always disabled it because it turned the system into a slow pig.I'll see how it goes.
osopolareNov 22, 2007
Is may be obscure and complex to you Marluz, but if you were to RTFM you'd see that it has very significant security benefits.