SELinux works like a charm in Ubuntu!

Sun Feb 4 01:30:58 UTC 2007

On 2/3/07, Felipe Alfaro Solana <felipe.alfaro at gmail.com> wrote:
>
> On 2/3/07, Joel Bryan Juliano <joelbryan.juliano at gmail.com> wrote:
> > SELinux does wonders on my Feisty machine. I noticed that when it's turn
> on,
> > applications don't get any noticeable delays when loading, I can run
> QEMU
> > now without sacrificing the performance of the host OS. Everything runs
> so
> > smooth. Networking also runs well without any problems, Sharing files
> using
> > gshare (Avahi FTP Daemon), SAMBA works, and other host can connect to me
> > without problems. I can even connect to this PC by my .local address and
> > grab the correct time in the internet using ntpd. I have done alot of
> > searching on the net because I was so reluctant about it, I have fears
> about
> > the effects on compiling a program, but couldn't find any, so I just
> tried
> > it myself and to my surprise It works like a charm, and doesn't affect
> the
> > compiled programs.
> >
> > The only settings that is not working in Ubuntu is enforcing mode, which
> > will not boot the machine, but permissive with strict policy works. I'm
> > using targeted policy.
>
> Errr... I think that permissive mode is not very useful. I mean, any
> policy (even broken ones) will work in permissive mode, since the
> kernel simply logs invalid actions, but does not prevent them from
> happening.

Well said

> To install SELinux, just grab selinux-basics and it would install the
> > targeted policy. The strict policy and src policy would have to be
> installed
> > manually. After that you'll have to enable it at boot with selinux=1
> option.
> >
> > Just sharing this wonderful features most of us doesn't use.
>
> Fedora Core 6 has a good working SELinux policy (after three releases,
> they are getting close to getting an usable policy) and I've been
> using SELinux for sometime, not with problems, but :-)

Which bothers me a lot about Debian. Why hasn't debian supported SELinux as
well as the Fedoras have? I understand the "laid-back" approach of the DDs,
but SELinux is mature and good enough to use now, especially on a desktop
system, where things won't be breaking as often as on a server.

-- 
----)(-----
Luis Mondesi
*NIX Guru

"Feliz el hombre que ha hallado sabiduria y el hombre que consigue
discernimiento, porque el tenerla como ganancia es mejor que tener la plata
como ganancia; y el tenerla como producto, [mejor] que el oro mismo" (Prov
3:13-14).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20070203/cf45e7e8/attachment.html>