what to use besides selinux?
Markus Schönhaber
ubuntu-users at list-post.mks-mail.de
Tue Nov 23 11:54:11 UTC 2010
21.11.2010 11:27, Arthur Bela:
> apt-get install selinux
>
> Ok. Reboot. So I'm better protected now, or i have to set a few things?
Since I don't know much about the Ubuntu SELinux packages I can't answer
that question.
Just a general hint: the SELinux packages are in the universe
repository. After the completely fubar'ed[1] update of the Xen kernel
(also from universe) I had a conversation with one of the Ubuntu devs,
and he made it pretty clear that the one and only thing you really can
rely on wrt to universe packages is that you can rely on exactly nothing.
When you did
apt-get install selinux
you probably removed apparmor, which comes from the main repository. So
you exchanged a officially supported security framework for a community
supported one. Personally, that would make me feel the opposite of more
secure.
IMO, if you want to use Ubuntu, stick with apparmor. If you want to use
SELinux, switch to a distribution that really supports it.
And in both cases, make sure you don't get affected by risk
compensation. Just installing something and then thinking "now I'm
secure, nothing can happen to me anymore!" might prove to be the
greatest threat, eventually.
That said, it's up to you to decide, of course.
[1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/620994
--
Regards
mks
More information about the ubuntu-users
mailing list